Botan Certificate Authentication Bypass Vulnerability
Vulnerability
A vulnerability in Botan version 3.11.0 allows for an X.509 certificate verification bypass. The issue arises in the `Certificate_Store::certificate_known` function, which inaccurately indicates that a certificate is known if its distinguished name (DN) and subject key identifier (if applicable) match those of any certificate in the store. This function does not verify that the certificates are identical. In version 3.11.0, changes to path validation logic incorrectly assumed that `certificate_known` only returned true for identical certificates. As a result, if an end entity certificate's DN (and subject key identifier, if set) matches that of a trusted root, the end entity certificate is accepted as if it were a trusted root, creating a critical trust anchor confusion.
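The gap between "matches by name" and "is the same certificate" is shown below in a simplified model. This is an added example, not Botan's source or API: `ToyStore`, `Cert`, the `is_anchor_*` helpers and the sample values are hypothetical, and a placeholder string stands in for the full certificate encoding.

```cpp
// Simplified model of the logic described above; not Botan's API or source.
#include <iostream>
#include <optional>
#include <string>
#include <vector>

struct Cert {
    std::string subject_dn;
    std::optional<std::string> subject_key_id;  // absent when the extension is not set
    std::string der;                            // stands in for the full encoding
};

class ToyStore {
public:
    void add(const Cert& c) { certs_.push_back(c); }
    // Name-based lookup: DN (and SKID, when the queried cert sets one) matches any entry.
    bool known_by_name(const Cert& c) const {
        for (const auto& s : certs_) {
            if (s.subject_dn != c.subject_dn) continue;
            if (c.subject_key_id && s.subject_key_id != c.subject_key_id) continue;
            return true;
        }
        return false;
    }
    // Identity lookup: the stored entry must be the same certificate.
    bool contains_exact(const Cert& c) const {
        for (const auto& s : certs_)
            if (s.der == c.der) return true;
        return false;
    }
private:
    std::vector<Cert> certs_;
};

// "Is this certificate a trust anchor?" decided two ways.
bool is_anchor_by_name(const ToyStore& st, const Cert& c) { return st.known_by_name(c); }
bool is_anchor_exact(const ToyStore& st, const Cert& c) { return st.contains_exact(c); }

// Constructed sample data: placeholder strings, not real certificates.
Cert sample_root() { return {"CN=Example Root CA", "skid-01", "DER-OF-ROOT"}; }
Cert sample_lookalike() { return {"CN=Example Root CA", "skid-01", "DER-OF-OTHER-CERT"}; }

int main() {
    ToyStore store;
    store.add(sample_root());
    std::cout << "by name: " << is_anchor_by_name(store, sample_lookalike())
              << ", exact: " << is_anchor_exact(store, sample_lookalike()) << "\n";
}
```

A regression test for any code that treats a store lookup as proof of trust-anchor status should include a case like `sample_lookalike()`: same DN and key identifier, different certificate.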
Impact
Exploitation of this vulnerability allows an attacker to bypass X.509 certificate verification, potentially leading to unauthorized trust being granted to malicious certificates.
Remediation
Users can upgrade to Botan version 3.11.1 to address this vulnerability.
