Sunbird-Ed SunbirdEd-portal Improper Certificate Validation Vulnerability

Vulnerability

A vulnerability in Sunbird-Ed SunbirdEd-portal version 1.13.4 allows attackers to intercept sensitive information because the application disables TLS/SSL certificate validation. It does this by setting 'rejectUnauthorized' to false in HTTP request options, which could enable man-in-the-middle attacks.
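The setting named above, as an added example that is not SunbirdEd-portal code: a Node.js check that reports where a request-options object turns certificate validation off, next to a corrected form of the same options. The host, path, and function names are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample of the weak pattern: request options that turn validation off.
const weakOptions = {
  hostname: 'portal.example.test', // placeholder host, not from the advisory
  port: 443,
  path: '/api/session',            // placeholder path
  method: 'POST',
  rejectUnauthorized: false,       // any certificate is accepted, trusted or not
};

// Report every place in a request-options object (or the environment) where
// certificate validation is switched off. Returns a list of dotted paths.
function findDisabledValidation(options, env = {}) {
  const findings = [];
  const visit = (obj, path) => {
    if (!obj || typeof obj !== 'object') return;
    if (obj.rejectUnauthorized === false) findings.push(path + 'rejectUnauthorized');
    // The `request` library passes TLS settings through `agentOptions`.
    visit(obj.agentOptions, path + 'agentOptions.');
    // An https.Agent keeps its constructor options on `.options`.
    if (obj.agent) visit(obj.agent.options, path + 'agent.options.');
  };
  visit(options, '');
  // This environment variable disables validation for the whole process.
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push('env.NODE_TLS_REJECT_UNAUTHORIZED');
  }
  return findings;
}

// Corrected form: validation stays on. A service behind a private CA is
// trusted by supplying that CA in `ca`, not by disabling the check.
function hardenOptions(options, caPem) {
  // Drop any caller-supplied agent/agentOptions so no weak setting rides along.
  const { agent, agentOptions, ...rest } = options;
  const hardened = { ...rest, rejectUnauthorized: true };
  if (caPem) hardened.ca = caPem;
  return hardened;
}

console.log(findDisabledValidation(weakOptions, process.env)); // audit the sample
console.log(findDisabledValidation(hardenOptions(weakOptions)));
```

The same check can run in a unit test or at startup against every options object the application builds for outbound HTTPS calls.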

Impact

Exploitation of this vulnerability could lead to interception of sensitive data and spoofing of servers, allowing attackers to impersonate legitimate services.

Reproduction

To reproduce this vulnerability, install SunbirdEd-portal version 1.13.4. After installation, the application will disable TLS/SSL certificate validation by default, allowing for man-in-the-middle attacks. This can be verified by intercepting HTTP requests and observing that sensitive data is not protected by encryption.

Added: Feb 11, 2026, 6:24 PM
Updated: Feb 11, 2026, 6:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 2.9
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.