Impact
A TLS 1.3 server using wolfSSL can accept the client’s Finished message even when the client has not provided a Certificate or CertificateVerify after a post‑handshake CertificateRequest. This bypasses the intended authentication step, allowing an unauthenticated client to proceed through the handshake and potentially gain unauthorized access to protected services, thereby exposing the confidentiality and integrity of the session. The weakness is a CWE‑287 authentication failure.
Affected Systems
The flaw impacts wolfSSL servers that are compiled with post‑handshake authentication support (WOLFSSL_POST_HANDSHAKE_AUTH or the enable‑all option) and that request a client certificate after the initial handshake via wolfSSL_request_certificate(). Clients and servers that do not use post‑handshake authentication are unaffected. No specific product version is listed, so all builds that enable the feature may be vulnerable.
Risk and Exploitability
The CVSS score of 6 indicates moderate risk, and the vulnerability is not listed in CISA’s KEV catalog. An attacker can exploit the issue from the client side1.3 session with a vulnerable server, causing the server to accept a Finished message without authenticating the client. Because the flaw does not require special privileges, a remote attacker can trigger it simply by connecting to the server and requesting a post‑handshake certificate. The vulnerability is mitigated in newer versions of wolfSSL where the Finished validation is scoped to the initial handshake only.
OpenCVE Enrichment
Debian DLA