github / securitylab

Resources related to GitHub Security Lab
https://securitylab.github.com
MIT License

C#: Add query for insecure certificate validation #838

Open intrigus-lgtm opened 3 months ago

intrigus-lgtm commented 3 months ago

Query PR

https://github.com/github/codeql/pull/16824

Language

C#

CVE(s) ID list

CVE in disclosure process

CWE

CWE-295

Report

If a RemoteCertificateValidationCallback delegate always returns true and is used in e.g. ServicePointManager.ServerCertificateValidationCallback, it trusts any certificate. As the RemoteCertificateValidationCallback trusts any certificate, an attacker can create a self-signed certificate that will be accepted, as any certificate is trusted. This makes a MiTM attack against the connection possible, thereby allowing sensitive secrets such as login data or other tokens to be stolen.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Blog post link

No response
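The pattern the submitted query targets, shown beside a hardened callback. This is an added illustration in C# and is not code from the issue, the CodeQL query, or the reporter; the class and method names are assumed for the example.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class CertificateValidationExamples
{
    // INSECURE (CWE-295): the callback returns true unconditionally, so a
    // self-signed or otherwise untrusted certificate from a man-in-the-middle
    // is accepted for every connection made through ServicePointManager.
    public static void InstallInsecureCallback()
    {
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, certificate, chain, sslPolicyErrors) => true;
    }

    // SECURE: accept only certificates that passed the runtime's chain build,
    // hostname match and other policy checks. Any reported error is a rejection.
    public static bool ValidateStrictly(object sender, X509Certificate? certificate,
                                        X509Chain? chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true;
        }

        // Logging the failure is fine; overriding it is not.
        Console.Error.WriteLine(
            $"TLS certificate rejected for {certificate?.Subject ?? "<none>"}: {sslPolicyErrors}");
        return false;
    }

    // The simplest fix is to install no callback at all and rely on the
    // default validation. If a callback is required (for example to log
    // failures), it must still fail on every policy error, as above.
    public static void InstallStrictCallback()
    {
        ServicePointManager.ServerCertificateValidationCallback = ValidateStrictly;
    }
}
```

The same rule applies to HttpClientHandler.ServerCertificateCustomValidationCallback: a lambda that ignores its SslPolicyErrors argument and returns true disables validation in exactly the way the report describes.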