Icinga 2 certificate renewal might incorrectly renew an invalid certificate

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.

N/A

证书信任链回溯不恰当

Icinga 安全漏洞

Icinga是德国Icinga公司的一套可扩展的服务器、网络资源监控系统。 Icinga 2 2.12.12之前版本、2.13.12之前版本和2.14.6之前版本存在安全漏洞，该漏洞源于VerifyCertificate函数可能错误验证证书。

N/A

N/A