CVE ID(s)
List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.
Report
Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.
A insecure TrustManager is an implementation of the TrustManager interface, where the checkServerTrusted method trusts any certificate because it never throws a CertificateException.
As the TrustManager trusts any certificate, an attacker can create a self-signed certificate that will be accepted as any certificate is trusted. This leads to a MiTM attack against the connection thereby stealing sensitive secrets such as login data or other tokens is possible.
Query:
github/codeql#4879
Result(s)
Provide at least one useful result found by your query, on some revision of a real project.
CVE ID(s)
List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.
Report
Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.
A insecure
TrustManageris an implementation of theTrustManagerinterface, where thecheckServerTrustedmethod trusts any certificate because it never throws aCertificateException.As the
TrustManagertrusts any certificate, an attacker can create a self-signed certificate that will be accepted as any certificate is trusted. This leads to a MiTM attack against the connection thereby stealing sensitive secrets such as login data or other tokens is possible.Query:
github/codeql#4879
Result(s)
Provide at least one useful result found by your query, on some revision of a real project.