CWE-593
Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
The product modifies an OpenSSL SSL_CTX after SSL connection objects have already been created from it.
Status
draft
Abstraction
variant
Affected Platforms
Extended Description
An SSL_CTX is a template for the connections created from it, but it is not a clean snapshot. When SSL_new() runs, some context settings (for example the verify mode and the SSL_OP_* options bitmask) are copied into the new SSL object, while others (for example the cipher list when none has been set on the SSL object itself, the session-cache mode, and the certificate-verification callback installed with SSL_CTX_set_cert_verify_callback()) are looked up through the SSL object's pointer to its context at handshake time. Which setting falls into which group is an OpenSSL implementation detail. Consequently, if the program modifies the SSL_CTX after creating SSL objects from it, the change reaches some of the existing connections and silently misses others: a restriction added to the context, such as requiring peer verification, may never apply to connections that already exist, while a relaxation intended for a single connection, such as disabling verification, weakens every connection created from that context afterwards and, for settings read through the context pointer, the ones that already exist.
Common Consequences
Scope: access control, confidentiality
Impacts: bypass protection mechanism, read application data
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
• Most SSL_CTX_* functions have SSL_* counterparts (SSL_set_verify(), SSL_set_options(), SSL_set_cipher_list(), SSL_set_verify_depth(), and so on) that act on a single SSL object. Use those when one connection needs a setting that differs from the shared context, instead of editing the context.
• Use a language or a library that provides a cryptography framework at a higher level of abstraction.
• Set up an SSL_CTX completely before creating any SSL objects from it, and treat the context as read-only once the first SSL_new() call has been made.