| Title | Cesanta Mongoose 7.20 Authorization Bypass |
|---|
| Description | secp384r1 (P-384) Certificate Verification Bypass in Mongoose v7.20 mTLS
mg_tls_verify_cert_signature() returns 1 without checking when the issuer CA has a P-384 public key (96 bytes). This means ANY such client certificate is accepted by an mTLS server.
https://github.com/cesanta/mongoose/blob/master/mongoose.c#L14080
### Impact
mTLS based authentication bypass.
### Disclosure
Vendor contacted Feb 26 and CONFIRMED the vulnerability.
### Exploit
Due to the nature of the library, I could not target a single device or hardware configuration, so I had to create one myself via qemu.
[redacted] |
|---|
| User | the_evilsocket (UID 96063) |
|---|
| Submitted | 2026-03-02 05:41 PM (1 month ago) |
|---|
| Moderation | 2026-04-02 09:43 AM (1 month later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 354827 [Cesanta Mongoose up to 7.20 P-384 Public Key mongoose.c mg_tls_verify_cert_signature privilege escalation] |
|---|
| Points | 17 |
|---|