The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apple
Published: 2015-10-09T01:00:00
Updated: 2024-08-06T07:06:34.420Z
Reserved: 2015-08-06T00:00:00
Link: CVE-2015-5894
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-10-09T05:59:27.140
Modified: 2024-11-21T02:34:04.670
Link: CVE-2015-5894
Redhat
No data.