CWE-593Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created

PUBLISHEDweakness record
released 2006-12-15 · last modified 2025-12-11

Metadata

CWE ID:
CWE-593
摘要:
Variant
结构:
Simple
状态:
Draft
发布日期:
2006-12-15
更新日期:
2025-12-11

名称

Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created

描述

The product modifies the SSL context after connection creation has begun.

If the program modifies the SSL_CTX object after creating SSL objects from it, there is the possibility that older SSL objects created from the original context could all be affected by that change.

常见后果

范围:
Access Control
影响:
Bypass Protection Mechanism
注释:
No authentication takes place in this process, bypassing an assumed protection of encryption.
范围:
Confidentiality
影响:
Read Application Data
注释:
The encrypted communication between a user and a trusted host may be subject to a sniffing attack.

相关 CWE