CVE-2022-25640 PoC — Wolfssl 信任管理问题漏洞

Source

https://github.com/dim0x69/cve-2022-25640-exploit

Associated Vulnerability

Title:Wolfssl 信任管理问题漏洞 (CVE-2022-25640)
Description:wolfSSL（CyaSSL）是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL 5.2.0 之前版本存在信任管理问题漏洞，该漏洞源于TLS 1.3 服务器无法正确执行相互身份验证的要求。客户端可以简单地从握手中省略 certificate_verify 消息，并且从不提供证书。

Description

Exploitation of CVE-2020-256480 using scapy

Readme

# Exploiting CVE-2022-25640 using scapy

See [CVE-2022-25640.ipynb](CVE-2022-25640.ipynb).

CVE-2022-25640 is a vulnerability in wolfSSL before 5.2. It allows a client to circumvent mututation authentication in TLS 1.3 connections.

File Snapshot


 [4.0K]  /data/pocs/18c861c781d8a7a247d040b633655c8dfe14b668
├── [ 52K]  automaton_cli.py
├── [ 531]  client13_keylog.py
├── [8.8K]  CVE-2022-25640.ipynb
├── [4.0K]  img
│   └── [269K]  cert_request.png
├── [ 231]  README.md
└── [  12]  requirements.txt

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!