Artsploit

get shell or die trying

Tuesday, August 22, 2023

mTLS: When certificate authentication is done wrong

https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/

In 2023 I spent some time researching x509 certificate authentication, which resulted in a number of vulnerabilities in open source projects. The details are in the article I wrote at GitHub. 

Posted by Michael Stepankin at 5:11:00 AM
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Newer Posts Older Posts Home
Subscribe to: Posts (Atom)

Whoami

Michael Stepankin
@artsploit
artsploit [at] gmail.com
https://github.com/artsploit/ https://portswigger.net/research/michael-stepankin

Popular Posts

Blog Archive

  • ►  2024 (1)
    • ►  October (1)
  • ▼  2023 (1)
    • ▼  August (1)
      • mTLS: When certificate authentication is done wrong
  • ►  2021 (2)
    • ►  June (1)
    • ►  March (1)
  • ►  2020 (1)
    • ►  September (1)
  • ►  2019 (3)
    • ►  August (1)
    • ►  February (1)
    • ►  January (1)
  • ►  2016 (2)
    • ►  August (1)
    • ►  January (1)

Labels

  • #bugbounty
  • #paypal
  • #RCE
Powered by Blogger.