TLS inspector bypass

Moderate
lizan published GHSA-c4g8-7grc-5wvx Mar 3, 2020

Package

Envoy

Affected versions

< 1.13.0

Patched versions

1.13.1, 1.12.3

Description

Vulnerability type

Incorrect Access Control

Attack type

Remote

Impact

Escalation of Privileges

Discoverer(s)/Credits

https://github.com/turbotankist

Description (brief; included in CVE)

TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process.
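
To make the failure mode concrete, here is an added example (not Envoy's own tls_inspector code) that parses a raw ClientHello and recovers the SNI, ALPN and offered versions. A client that offers only TLS 1.3 still sends legacy_version 0x0303 in the hello; the real version list lives in the supported_versions extension, so an inspector that classifies on the legacy field, or stops at TLS 1.2, loses exactly the SNI/ALPN data the filter-chain match needs. The sample ClientHello is constructed by hand (single cipher suite, zeroed random) and is an assumption, not captured traffic.

```python
import struct

def _ext(etype: int, body: bytes) -> bytes:
    return struct.pack("!HH", etype, len(body)) + body

def build_client_hello(sni: str, alpn: list, versions: list) -> bytes:
    """Constructed sample ClientHello (assumed: one cipher suite, zeroed random)."""
    host = sni.encode()
    sni_list = struct.pack("!BH", 0, len(host)) + host            # host_name type 0
    protos = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    vers = b"".join(struct.pack("!H", v) for v in versions)
    exts = (_ext(0x0000, struct.pack("!H", len(sni_list)) + sni_list)
            + _ext(0x0010, struct.pack("!H", len(protos)) + protos)
            + _ext(0x002b, bytes([len(vers)]) + vers))            # supported_versions
    body = (b"\x03\x03" + bytes(32) + b"\x00"        # legacy_version (always 1.2), random, session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"       # TLS_AES_128_GCM_SHA256, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type handshake(22)

def parse_client_hello(data: bytes) -> dict:
    out = {"tls": False, "sni": None, "alpn": [], "versions": []}
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
        return out                                    # not a handshake record carrying a ClientHello
    out["tls"] = True
    try:
        p = 9 + 2 + 32                                # skip legacy_version and random
        p += 1 + data[p]                              # session_id
        p += 2 + struct.unpack("!H", data[p:p + 2])[0]  # cipher_suites
        p += 1 + data[p]                              # compression_methods
        end = p + 2 + struct.unpack("!H", data[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", data[p:p + 4])
            body = data[p + 4:p + 4 + elen]
            p += 4 + elen
            if etype == 0x0000:                       # server_name: first entry's host_name
                out["sni"] = body[5:5 + struct.unpack("!H", body[3:5])[0]].decode()
            elif etype == 0x0010:                     # ALPN: length-prefixed protocol names
                q = 2
                while q < len(body):
                    n = body[q]
                    out["alpn"].append(body[q + 1:q + 1 + n].decode())
                    q += 1 + n
            elif etype == 0x002b:                     # supported_versions: len(1) + u16 list
                out["versions"] = [struct.unpack("!H", body[i:i + 2])[0] for i in range(1, 1 + body[0], 2)]
    except (IndexError, struct.error):
        pass                                          # truncated hello: keep what was parsed
    return out
```

A filter-chain match keyed on server_names or application_protocols only works if the inspector reaches these extensions for every TLS version it will later terminate; a hello whose supported_versions contains only 0x0304 must still yield a "tls" classification with its SNI and ALPN.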

Severity

Moderate

CVE ID

CVE-2020-8660

Weaknesses

No CWEs
