CVE ID(s)
List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.
CVE-2020-26234
Report
Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.
A insecure TrustManager is an implementation of the TrustManager interface, where the checkServerTrusted method trusts any certificate because it never throws a CertificateException.
As the TrustManager trusts any certificate, an attacker can create a self-signed certificate that will be accepted as any certificate is trusted. This leads to a MiTM attack against the connection thereby stealing sensitive secrets such as login data or other tokens is possible.
##Query:
github/codeql#4879
Result(s)
CVE-2020-26234
CVE ID(s)
List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.
CVE-2020-26234
Report
Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.
A insecure
TrustManageris an implementation of theTrustManagerinterface, where the checkServerTrusted method trusts any certificate because it never throws a CertificateException.As the
TrustManagertrusts any certificate, an attacker can create a self-signed certificate that will be accepted as any certificate is trusted. This leads to a MiTM attack against the connection thereby stealing sensitive secrets such as login data or other tokens is possible.##Query:
github/codeql#4879
Result(s)
CVE-2020-26234