// For flags

CVE-2021-20230

stunnel: client certificate not correctly verified when redirect and verifyChain options are used

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.

Se encontró un fallo en stunnel versiones anteriores a 5.57, donde comprueba inapropiadamente los certificados del cliente cuando está configurado para usar las opciones de redireccionamiento y verifyChain. Este fallo permite a un atacante con un certificado firmado por una Autoridad de Certificación, que no es el aceptado por el servidor de stunnel, para acceder al servicio de túnel en lugar de ser redireccionado a la dirección especificada en la opción de redireccionamiento. La mayor amenaza de esta vulnerabilidad es la confidencialidad

A flaw was found in stunnel, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-12-17 CVE Reserved
  • 2021-02-22 CVE Published
  • 2023-11-09 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-295: Improper Certificate Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Stunnel
Search vendor "Stunnel"
Stunnel
Search vendor "Stunnel" for product "Stunnel"
< 5.57
Search vendor "Stunnel" for product "Stunnel" and version " < 5.57"
-
Affected