github / securitylab

Resources related to GitHub Security Lab
https://securitylab.github.com
MIT License

C#: Add query for insecure certificate validation #838

Closed intrigus-lgtm closed 3 weeks ago

intrigus-lgtm commented 5 months ago

Query PR

https://github.com/github/codeql/pull/16824

Language

C#

CVE(s) ID list

CVE in disclosure process

CWE

CWE-295

Report

If a RemoteCertificateValidationCallback delegate always returns true and is used in e.g. ServicePointManager.ServerCertificateValidationCallback, it trusts any certificate. As the RemoteCertificateValidationCallback trusts any certificate, an attacker can create a self-signed certificate that will be accepted, since any certificate is trusted. This enables a MitM attack against the connection, thereby making it possible to steal sensitive secrets such as login data or other tokens.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Blog post link

No response
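As an added illustration of the CWE-295 pattern the report describes (this is not code from the CodeQL PR, from the reporter, or from any project on this page), the following C# program puts the always-true callback next to two callbacks that honour the platform's verdict, installs them in the ServicePointManager sink named above and in SslStream, and exercises all three against a freshly minted self-signed certificate standing in for what an on-path attacker would present. The class name, the `CN=attacker.example` subject and the `PinnedSha256Fingerprint` constant are assumptions chosen for illustration; the pin is a placeholder, not a real server's fingerprint.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example for the CWE-295 pattern in the report; not code from the
// CodeQL PR or from the reporter. Class and names are illustrative.
static class CertificateValidationDemo
{
    // INSECURE: the delegate the report describes. It ignores every argument,
    // so a self-signed certificate minted by an on-path attacker is accepted
    // exactly like one issued by a trusted CA.
    static bool TrustAnyCertificate(object sender, X509Certificate? certificate,
                                    X509Chain? chain, SslPolicyErrors sslPolicyErrors)
        => true;

    // SAFE: defer to the platform's verdict. Chain errors, name mismatches and
    // a missing certificate all arrive as a non-None SslPolicyErrors value.
    static bool RequireValidCertificate(object sender, X509Certificate? certificate,
                                        X509Chain? chain, SslPolicyErrors sslPolicyErrors)
        => sslPolicyErrors == SslPolicyErrors.None;

    // Hypothetical pin (placeholder value, assumption for this example): the
    // SHA-256 fingerprint of the server certificate the client expects.
    const string PinnedSha256Fingerprint =
        "0000000000000000000000000000000000000000000000000000000000000000";

    // SAFE (stricter): a valid chain is required AND the leaf must match the
    // pin. A custom check may only narrow the platform verdict, never widen it.
    static bool RequirePinnedCertificate(object sender, X509Certificate? certificate,
                                         X509Chain? chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors != SslPolicyErrors.None || certificate is null)
            return false;
        var leaf = certificate as X509Certificate2 ?? new X509Certificate2(certificate);
        string fingerprint = leaf.GetCertHashString(HashAlgorithmName.SHA256);
        return string.Equals(fingerprint, PinnedSha256Fingerprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // Constructed input: a self-signed certificate that chains to nothing
        // the machine trusts, i.e. what a MitM attacker would present.
        using var rsa = RSA.Create(2048);
        var request = new CertificateRequest("CN=attacker.example", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var attackerCert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));

        // Reproduce the verdict the TLS stack would pass to the callback.
        using var chain = new X509Chain();
        SslPolicyErrors errors = chain.Build(attackerCert)
            ? SslPolicyErrors.None
            : SslPolicyErrors.RemoteCertificateChainErrors;

        object sender = new object();
        Console.WriteLine($"platform verdict        : {errors}");
        Console.WriteLine($"TrustAnyCertificate     : {TrustAnyCertificate(sender, attackerCert, chain, errors)}");
        Console.WriteLine($"RequireValidCertificate : {RequireValidCertificate(sender, attackerCert, chain, errors)}");
        Console.WriteLine($"RequirePinnedCertificate: {RequirePinnedCertificate(sender, attackerCert, chain, errors)}");

        // The sinks where such a delegate gets installed. The process-wide
        // one is the sink named in the report: a single assignment disables
        // validation for every HttpWebRequest in the process.
        ServicePointManager.ServerCertificateValidationCallback = TrustAnyCertificate;    // insecure
        ServicePointManager.ServerCertificateValidationCallback = RequireValidCertificate; // fixed

        // Per-connection: SslStream takes the same delegate type.
        using var insecureStream = new SslStream(Stream.Null, false, TrustAnyCertificate);     // insecure
        using var checkedStream  = new SslStream(Stream.Null, false, RequireValidCertificate); // fixed
    }
}
```

Two practical caveats. A callback that returns true only when `sslPolicyErrors == SslPolicyErrors.None` behaves the same as leaving the callback unset, so the only reason to write one is to add a restriction such as pinning; any branch that returns true for a non-None error value is the bug. Also, `HttpClientHandler.ServerCertificateCustomValidationCallback` is a different delegate type (it receives the `HttpRequestMessage` and an `X509Certificate2`), so an always-true lambda assigned there is the same weakness in a different shape and should be reviewed with the same rule.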

xcorail commented 3 weeks ago

Created Hackerone report 2817126 for bounty 635269 : [838] C#: Add query for insecure certificate validation

xcorail commented 3 weeks ago

Hey @intrigus-lgtm don't forget to claim your reward, the program is shutting down soon!