An issue exists in RIPE NCC RPKI Validator 3.x prior to 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote malicious users to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ripe rpki validator 3 |