Headline
CVE-2020-26117: Properly store certificate exceptions in Java viewer · TigerVNC/tigervnc@20dea80
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
Permalink
Browse files
Properly store certificate exceptions in Java viewer
Like the native viewer, the Java viewer didn’t store certificate exceptions properly. Whilst not as bad as the native viewer, it still failed to check that a stored certificate wouldn’t be maliciously used for another server. In practice this can in most cases be used to impersonate another server.
Handle this like the native viewer by storing exceptions for a specific hostname/certificate combination.
(cherry picked from commit f029745)
- Loading branch information
Related news
Gentoo Linux Security Advisory 202407-14 - Multiple vulnerabilities have been discovered in TigerVNC, the worst of which could lead to remote code execution. Versions greater than or equal to 1.12.0-r2 are affected.
Ubuntu Security Notice 5965-1 - It was discovered that TigerVNC mishandled TLS certificate exceptions. An attacker could use this vulnerability to impersonate any server after a client had added an exception and obtain sensitive information.