Security Advisory

CVE-2021-34433

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-20 17:10:10
Last updated 2024-08-04 00:12:50
Assigner eclipse
State PUBLISHED

Description

In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server sides signature on the client side, if that signature is not included in the servers ServerKeyExchange.