Tenable SecurityCenter Alternative Certificate Validation Bypass Vulnerability (TNS-2015-08)
Medium Nessus Plugin ID 85565
Synopsis
The remote application is affected by a certificate validation bypass vulnerability.
Description
The SecurityCenter application installed on the remote host is affected by a certificate validation bypass vulnerability in the bundled OpenSSL library. The library is version 1.0.1n or later and prior to 1.0.1p. It is, therefore, affected by a flaw in the X509_verify_cert() function that is triggered when locating alternate certificate chains in cases where the first attempt to build such a chain fails. A remote attacker can exploit this to cause certain certificate checks to be bypassed, resulting in an invalid certificate being considered valid.
Solution
Apply the relevant patch referenced in the vendor advisory.