A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-10-14T19:35:04

Updated: 2024-08-05T00:26:39.111Z

Reserved: 2019-08-10T00:00:00

Link: CVE-2019-14823

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-10-14T20:15:10.540

Modified: 2024-11-21T04:27:26.320

Link: CVE-2019-14823

cve-icon Redhat

Severity : Important

Publid Date: 2019-10-14T12:00:00Z

Links: CVE-2019-14823 - Bugzilla