CVE-2021-34433
HIGH
Eclipse Californium 2.0.0 to 2.6.4 & 3.0.0-M1 to M3 - DTLS Server Signature Verification Bypass
Title source: llmDescription
In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate-based (x509 and RPK) DTLS handshake accidentally succeeds on the client side without verifying the server's signature if the server's ServerKeyExchange does not include that signature. The check is conditional on the signature being present, so a peer that simply leaves it out is accepted as authenticated.
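The defect is a conditional-verification bug: the client verifies the server's signature only when the message carries one. As an added illustration (not Californium's own code, which is Java), the Go program below models a DTLS 1.2 ECDHE_ECDSA ServerKeyExchange and runs three messages through a client that checks the signature only when present and through one that requires it. The struct, the function names and the RunScenario harness are hypothetical; ECDSA P-256 over SHA-256 stands in for whatever signature algorithm a real handshake negotiates.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServerKeyExchange is a hypothetical, simplified model of the DTLS 1.2 ECDHE_ECDSA
// ServerKeyExchange body (not Californium's message type): the ephemeral ECDH point
// plus the signature over ClientHello.random || ServerHello.random || ServerECDHParams.
type ServerKeyExchange struct {
	ECDHPublic []byte
	Signature  []byte // nil or empty when the sender left the signature out
}

// transcriptHash hashes what the server signs: both randoms and the ECDH params.
func transcriptHash(clientRandom, serverRandom, params []byte) []byte {
	h := sha256.New()
	h.Write(clientRandom)
	h.Write(serverRandom)
	h.Write(params)
	return h.Sum(nil)
}

// signServerKeyExchange is the honest server: it signs its ephemeral point with the
// long-term ECDSA key whose public half sits in its certificate (or raw public key).
func signServerKeyExchange(serverKey *ecdsa.PrivateKey, clientRandom, serverRandom, ecdhPub []byte) (*ServerKeyExchange, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, serverKey, transcriptHash(clientRandom, serverRandom, ecdhPub))
	if err != nil {
		return nil, err
	}
	return &ServerKeyExchange{ECDHPublic: ecdhPub, Signature: sig}, nil
}

// verifyVulnerable mirrors the flawed client logic the advisory describes: the signature
// is checked only when present, so an unsigned message passes unverified.
func verifyVulnerable(certKey *ecdsa.PublicKey, ske *ServerKeyExchange, clientRandom, serverRandom []byte) error {
	if len(ske.Signature) > 0 && !ecdsa.VerifyASN1(certKey, transcriptHash(clientRandom, serverRandom, ske.ECDHPublic), ske.Signature) {
		return errors.New("ServerKeyExchange: bad signature")
	}
	return nil
}

// verifyFixed treats a missing signature as a handshake failure whenever the cipher
// suite authenticates the server by certificate or raw public key.
func verifyFixed(certKey *ecdsa.PublicKey, ske *ServerKeyExchange, clientRandom, serverRandom []byte) error {
	if len(ske.Signature) == 0 {
		return errors.New("ServerKeyExchange: signature missing for certificate-based key exchange")
	}
	if !ecdsa.VerifyASN1(certKey, transcriptHash(clientRandom, serverRandom, ske.ECDHPublic), ske.Signature) {
		return errors.New("ServerKeyExchange: bad signature")
	}
	return nil
}

// Outcome records which ServerKeyExchange each client variant accepted.
type Outcome struct {
	VulnerableAcceptsGenuine, FixedAcceptsGenuine   bool
	VulnerableAcceptsUnsigned, FixedAcceptsUnsigned bool
	VulnerableAcceptsTampered, FixedAcceptsTampered bool
}

// must panics on key-generation, randomness or signing failures, which are fatal here.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// RunScenario replays three messages against both clients: the genuine signed one, an
// attacker's unsigned one carrying the attacker's ECDH point (the CVE-2021-34433 case),
// and the genuine signature glued onto the attacker's point, which both must reject.
func RunScenario() Outcome {
	serverKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // long-term identity key
	serverEph := must(ecdh.P256().GenerateKey(rand.Reader))            // server's ephemeral ECDH key
	attackerEph := must(ecdh.P256().GenerateKey(rand.Reader))          // MITM's ephemeral ECDH key
	clientRandom, serverRandom := make([]byte, 32), make([]byte, 32)
	must(rand.Read(clientRandom))
	must(rand.Read(serverRandom))
	genuine := must(signServerKeyExchange(serverKey, clientRandom, serverRandom, serverEph.PublicKey().Bytes()))
	unsigned := &ServerKeyExchange{ECDHPublic: attackerEph.PublicKey().Bytes()}
	tampered := &ServerKeyExchange{ECDHPublic: attackerEph.PublicKey().Bytes(), Signature: genuine.Signature}
	accepts := func(verify func(*ecdsa.PublicKey, *ServerKeyExchange, []byte, []byte) error, ske *ServerKeyExchange) bool {
		return verify(&serverKey.PublicKey, ske, clientRandom, serverRandom) == nil
	}
	return Outcome{
		VulnerableAcceptsGenuine: accepts(verifyVulnerable, genuine), FixedAcceptsGenuine: accepts(verifyFixed, genuine),
		VulnerableAcceptsUnsigned: accepts(verifyVulnerable, unsigned), FixedAcceptsUnsigned: accepts(verifyFixed, unsigned),
		VulnerableAcceptsTampered: accepts(verifyVulnerable, tampered), FixedAcceptsTampered: accepts(verifyFixed, tampered),
	}
}

func main() { fmt.Printf("%+v\n", RunScenario()) }
```

The unsigned message is the interesting one: an on-path peer does not need the server's private key to produce it, only to drop the signature field and supply its own ECDH point, and the vulnerable client finishes the handshake keyed to that point. The tampered case is the regression check that the fix is not merely "any signature will do": a valid signature over different parameters must still fail in both variants.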
References (1)
Core references
https://bugs.eclipse.org/bugs/show_bug.cgi?id=575281 (Issue Tracking, Vendor Advisory; x_refsource_confirm)
Scores
CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS: 0.0005 (percentile 15.0%)
Attack Vector: NETWORK
Details
CWE: CWE-322 (Key Exchange without Entity Authentication), CWE-347 (Improper Verification of Cryptographic Signature)
Status: published
Products (2)
eclipse/californium 3.0.0 m1 (3 CPE variants)
eclipse/californium 2.0.0 - 2.6.5
Published: Aug 20, 2021
Tracked Since: Feb 18, 2026