A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-05T00:26:39.111Z

Reserved: 2019-08-10T00:00:00

Link: CVE-2019-14823

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-10-14T20:15:10.540

Modified: 2024-11-21T04:27:26.320

Link: CVE-2019-14823

cve-icon Redhat

Severity : Important

Publid Date: 2019-10-14T12:00:00Z

Links: CVE-2019-14823 - Bugzilla

cve-icon OpenCVE Enrichment

No data.