wolfSSL wolfssl-py
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*
- <= 5.8.2
A vulnerability exists in the wolfSSL Python package (wolfssl-py) in versions through 5.8.2: setting verify_mode to CERT_REQUIRED does not enforce the client certificate requirement. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag is not set, a connection is authenticated even when no client certificate is presented. An attacker can therefore bypass mutual TLS (mTLS) client authentication simply by omitting a certificate during the TLS handshake.
The impact is improper authentication in mutual TLS (mTLS): connections are established without a client certificate even when the server is configured to require one.
To reproduce this vulnerability, set the SSL context's verify_mode to CERT_REQUIRED and then open a connection without presenting a client certificate. The server incorrectly treats the connection as authenticated, demonstrating that the certificate requirement is not verified.
Users should upgrade to wolfSSL Python package version 5.8.4 or later, where this vulnerability is fixed.