The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2015-10-09T01:00:00

Updated: 2024-08-06T07:06:34.420Z

Reserved: 2015-08-06T00:00:00

Link: CVE-2015-5894

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-10-09T05:59:27.140

Modified: 2024-11-21T02:34:04.670

Link: CVE-2015-5894

cve-icon Redhat

No data.