Impact
In OCaml‑TLS versions older than 2.1.0, the server does not properly enforce certificate usage limits when authenticating clients. This weakness permits an attacker to supply a certificate that is not intended for client authentication, such as one lacking the proper KeyUsage or ExtendedKeyUsage extensions. By doing so, the attacker can pose as a legitimate client to the server, potentially gaining unauthorized access to services and data protected by client TLS authentication, thereby compromising confidentiality and integrity.
Affected Systems
Any installation of the OCaml‑TLS library that performs client authentication and is running a version prior to 2.1.0. Users of the 1.x or 2.0.x series should verify their runtime environment is affected.
Risk and Exploitability
The CVSS score of 7.4 indicates medium‑to‑high severity, while the EPSS score of less than 1% shows the current likelihood of exploitation is low but not zero. The likely attack vector is from the network: an adversary that can initiate a TLS connection to the server can supply a client certificate that lacks proper KeyUsage or ExtendedKeyUsage extensions. The server accepts such certificates without enforcing usage limits, allowing the attacker to impersonate a legitimate client and access services protected by client authentication. Although the vulnerability is not listed in CISA’s KEV catalog, its potential impact warrants prompt attention.
OpenCVE Enrichment