The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
References
Configurations
History
No history.
Information
Published : 2015-10-09 05:59
Updated : 2025-04-12 10:46
NVD link : CVE-2015-5894
Mitre link : CVE-2015-5894
CVE.ORG link : CVE-2015-5894
JSON object : View
Products Affected
apple
- mac_os_x
CWE
CWE-17
DEPRECATED: Code