Tag

Certificate

2 briefs RSS

GitHub SSH Certificate Configuration Changed

Attackers can modify SSH certificate configurations in GitHub organizations to gain unauthorized access, persist in the environment, escalate privileges, and operate stealthily.

Github ssh certificate initial-access persistence privilege-escalation stealth t1078.004

2r 4t Nov 2, 2024

high advisory

rust-openssl X509Ref::ocsp_responders Undefined Behavior Vulnerability

2 rules 1 TTP

The `X509Ref::ocsp_responders` function in rust-openssl versions 0.9.7 to 0.10.78 returns OCSP responder URLs from a certificate's AIA extension without proper UTF-8 validation, leading to undefined behavior when processing certificates with non-UTF-8 OCSP URLs.

openssl vulnerability rust certificate

2r 1t Jan 3, 2024