CVE-2011-0738

MyProxy 5.0-5.2 - Certificate Hostname and Identity Validation Bypass

Title source: llm
STIX 2.1

Description

MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation.

References (10)

Core 10
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0227
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43103
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64830
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45916
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70494
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42972

Scores

EPSS 0.0158
EPSS Percentile 72.7%

Details

CWE
CWE-20
Status published
Products (6)
globus/globus_toolkit 5.0.0
globus/globus_toolkit 5.0.1
globus/globus_toolkit 5.0.2
ncsa/myproxy 5.0
ncsa/myproxy 5.1
ncsa/myproxy 5.2
Published Feb 02, 2011
Tracked Since Feb 18, 2026