
V-198: Red Hat Enterprise MRG Messaging Qpid Python Certificate Validation Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks

July 12, 2013 - 6:00am


PROBLEM:

A vulnerability was reported in Red Hat Enterprise MRG Messaging.

PLATFORM:

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

ABSTRACT:

A remote user can conduct a man-in-the-middle attack to access potentially sensitive information.

REFERENCE LINKS:

SecurityTracker Alert ID:  1028774
Red Hat Advisory RHSA-2013:1024-1
CVE-2013-1909

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The system does not properly validate the remote server's TLS/SSL certificates. A remote user can conduct a man-in-the-middle attack to access potentially sensitive information.

The vulnerability resides in the Qpid Python client library for AMQP.
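The bug class described above, as an added illustration (this is not the Qpid Python client's own code): a TLS client that negotiates encryption but never validates the broker's certificate, beside the hardened form that requires a trusted chain and a hostname match, plus a small audit helper that flags the weak settings.

```python
import socket
import ssl
from typing import List, Optional

# Added illustration of the bug class in this advisory (a TLS client that
# negotiates encryption but never validates the server's certificate).
# It is NOT the Qpid Python client's own code.

def unverified_context() -> ssl.SSLContext:
    """The flawed pattern: encryption is negotiated, but any certificate
    the peer presents is accepted, so an on-path party terminating the
    connection with its own certificate is indistinguishable from the
    real broker."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # subject/SAN never compared to the host
    ctx.verify_mode = ssl.CERT_NONE  # chain never checked against a trust store
    return ctx

def verified_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """The hardened pattern: require a chain to a trusted CA (the system
    store, or the CA that issued the broker certificate) and a hostname
    match. create_default_context() sets CERT_REQUIRED and check_hostname."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings that would let a MITM succeed; an empty list means
    the context enforces both chain validation and hostname matching."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode != CERT_REQUIRED: server chain not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate not matched to host")
    return findings

def open_amqps(host: str, ctx: ssl.SSLContext, port: int = 5671) -> ssl.SSLSocket:
    """Open a TLS connection to an AMQP broker (5671 is the IANA AMQPS port).
    server_hostname is what check_hostname compares the certificate against;
    with verified_context() an untrusted or mismatched certificate raises
    ssl.SSLCertVerificationError instead of silently succeeding.
    Needs a reachable broker, so it is not exercised by the self-check below."""
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)

if __name__ == "__main__":
    for name, ctx in (("unverified", unverified_context()),
                      ("verified", verified_context())):
        print(name, audit_context(ctx) or ["OK"])
```

Running the self-check shows two findings for the unverified context and none for the verified one; the same audit can be applied to any SSLContext a client library hands back before it is used for a broker connection.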

IMPACT:

Security Bypass

SOLUTION:

The vendor recommends applying the current update (RHSA-2013:1024-1).
