Skip to content

SECURITY: PostgresClientKit processes unencrypted bytes from man-in-the-middle #35

New issue
New issue
Closed
Closed
SECURITY: PostgresClientKit processes unencrypted bytes from man-in-the-middle#35
Labels
bugSomething isn't working
@pitfield

Description

@pitfield
pitfield
opened on Nov 11, 2021

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

Similar issue to CVE-2021-23222.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions