The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2011-08-29 13:55
Updated : 2018-10-10 13:09
NVD link : CVE-2011-0228
Mitre link : CVE-2011-0228
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
apple
- iphone_os