Insecure digital certificates in rust-sequoia-sq

Description

A flaw was found in Botan, a C++ cryptography library. Due to a misleading function name and an assumption in path validation logic, an end entity certificate could be incorrectly accepted as a trusted root. This occurs when the end entity certificate's Distinguished Name (DN) and Subject Key Identifier (SKI) match those of any trusted root certificate in the store, even if the certificates are not identical. This vulnerability allows for a bypass of certificate validation, potentially enabling an attacker to present a malicious certificate that is trusted by the system.
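To make the failure mode concrete, here is an added illustration (not Botan's, sequoia's, or this advisory's own code) of a trust-anchor lookup that keys only on DN and SKI, next to a corrected lookup that also requires the candidate to be identical to the stored root; the certificate struct, field values and encodings are constructed stand-ins.

```cpp
// Added illustration (not Botan's or sequoia's code): a simplified model of
// the flawed trust-anchor lookup described above and a corrected version.
#include <algorithm>
#include <string>
#include <vector>

// Constructed stand-in for an X.509 certificate: only the fields the
// comparison touches, plus the full DER encoding as an opaque string.
struct Cert {
    std::string subject_dn;   // Distinguished Name
    std::string ski;          // Subject Key Identifier
    bool is_ca;               // BasicConstraints cA flag
    std::string der;          // complete encoding, unique per certificate
};

// Flawed lookup: a certificate "is" a trusted root whenever its DN and SKI
// match some root in the store. An end entity certificate sharing both
// fields with a root is wrongly promoted to trust anchor.
bool is_trusted_root_flawed(const Cert& c, const std::vector<Cert>& roots) {
    return std::any_of(roots.begin(), roots.end(), [&](const Cert& r) {
        return r.subject_dn == c.subject_dn && r.ski == c.ski;
    });
}

// Corrected lookup: DN and SKI only narrow the candidates; the candidate
// must be byte-for-byte identical to the stored root, and a certificate
// without the CA flag is never accepted as an anchor.
bool is_trusted_root_fixed(const Cert& c, const std::vector<Cert>& roots) {
    if (!c.is_ca) return false;
    return std::any_of(roots.begin(), roots.end(), [&](const Cert& r) {
        return r.subject_dn == c.subject_dn && r.ski == c.ski && r.der == c.der;
    });
}

// Constructed scenario: a real root, and an end entity certificate that
// carries the same DN and SKI but a different encoding.
const Cert kRoot{"CN=Example Root CA", "ski-1234", true, "der:root"};
const Cert kEndEntity{"CN=Example Root CA", "ski-1234", false, "der:leaf"};
const std::vector<Cert> kStore{kRoot};
```

With this store, the flawed lookup accepts `kEndEntity` as a trust anchor while the corrected one rejects it and still accepts `kRoot`.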

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
