Open ISES Tickets TLS Certificate Verification Vulnerability

Vulnerability

A vulnerability exists in Open ISES Tickets versions prior to 3.44.2: TLS certificate verification is disabled in the 'incs/functions.inc.php' file. The code sets CURLOPT_SSL_VERIFYPEER to false and does not configure CURLOPT_SSL_VERIFYHOST when making outbound HTTPS requests. As a result, an attacker on the network path can intercept, monitor, or alter the request and response, potentially compromising API keys or session data.

Impact

The improper certificate validation enables man-in-the-middle attacks that could intercept or modify sensitive data in transit.

Reproduction

The vulnerability can be reproduced by sending an outbound HTTPS request from a server running an affected version of Open ISES Tickets. The request will bypass normal TLS certificate validation, allowing an attacker to intercept or alter the communication.

Remediation

Users are advised to upgrade to Open ISES Tickets version 3.44.2 or later, where this vulnerability has been patched.
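
To check a deployed tree (including local modifications or plugins) for the pattern described above, the following added example flags PHP lines that switch off cURL certificate checks. It is not code from Open ISES Tickets; the function name `audit_php` and the sample PHP are constructed for illustration.

```python
import re

# Matches both call styles:
#   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
#   CURLOPT_SSL_VERIFYPEER => 0      (inside curl_setopt_array)
SETTING = re.compile(
    r"\b(CURLOPT_SSL_VERIFY(?:PEER|HOST))\s*(?:,|=>)\s*([^,;)\s]+)"
)

# Values reported per option. 0/false turn the check off; VERIFYHOST 1 is
# flagged for review because 2 is the value libcurl documents for full
# host name checking.
WEAK = {
    "CURLOPT_SSL_VERIFYPEER": {"false", "0"},
    "CURLOPT_SSL_VERIFYHOST": {"false", "0", "1"},
}

def audit_php(source, path="<constructed>"):
    """Return (path, line_no, option, value) for each weak TLS setting."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        # Skip whole-line comments; block comments spanning code lines
        # are not handled by this simple line scanner.
        if line.strip().startswith(("//", "#", "*")):
            continue
        for option, value in SETTING.findall(line):
            if value.lower() in WEAK[option]:
                findings.append((path, line_no, option, value))
    return findings

# Constructed sample, not the contents of incs/functions.inc.php
SAMPLE_PHP = """<?php
// outbound request with verification switched off
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$data = curl_exec($ch);

$ok = curl_init($url);
curl_setopt_array($ok, [
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
]);
// curl_setopt($ok, CURLOPT_SSL_VERIFYHOST, 0);
"""

if __name__ == "__main__":
    for path, line_no, option, value in audit_php(SAMPLE_PHP):
        print(f"{path}:{line_no}: {option} set to {value}")
```

To scan real files, read each `.php` file and pass its text and path to `audit_php`; an empty result after upgrading indicates no remaining lines of this form.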

Added: May 21, 2026, 6:24 PM
Updated: May 21, 2026, 6:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 7.2
remediation: 0.0
relevance: 8.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.