Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3558277 by uv3doble
set_tlsext_servername_callback allows Security Bypass via Unhandled Exceptions

The pyopenssl library exhibits a fail-open vulnerability in its handling of the Server Name Indication (SNI) callback (set_tlsext_servername_callback). The internal wrapper for this callback catches all Python exceptions raised by user code but returns 0 (Success/SSL_TLSEXT_ERR_OK) to the underlying OpenSSL engine.
This behavior allows a TLS connection to be successfully established even when the security validation logic inside the callback crashes or raises an exception, potentially bypassing critical access controls or authentication mechanisms implemented at the SNI layer.
In src/OpenSSL/SSL.py, the set_tlsext_servername_callback method wraps the user-provided function with a decorator that does not explicitly handle exceptions to signal failure:
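To make the fail-open behaviour concrete, the following is an added, constructed model of a servername-callback wrapper; it is not pyOpenSSL's own code. One variant swallows exceptions and returns SSL_TLSEXT_ERR_OK as the report describes, the other returns SSL_TLSEXT_ERR_ALERT_FATAL (value 2 in OpenSSL's ssl.h) so that a crashing policy check aborts the handshake instead of admitting the client. The allow-list, hostnames and the sni_policy function are assumptions made for the demonstration.

```python
# Constructed model of an SNI callback wrapper (not pyOpenSSL's implementation).
# Return codes are the OpenSSL SSL_TLSEXT_ERR_* values the callback hands back.
SSL_TLSEXT_ERR_OK = 0           # accept: handshake continues
SSL_TLSEXT_ERR_ALERT_FATAL = 2  # abort the handshake with a fatal alert

# Constructed allow-list of hostnames this server is willing to serve.
ALLOWED_SNI = {"api.example.test", "www.example.test"}


def sni_policy(servername: bytes) -> int:
    """User-level SNI check. It raises UnicodeDecodeError on non-ASCII input,
    standing in for any unexpected crash inside validation logic."""
    name = servername.decode("ascii")
    return SSL_TLSEXT_ERR_OK if name in ALLOWED_SNI else SSL_TLSEXT_ERR_ALERT_FATAL


def fail_open_wrapper(callback, problems: list):
    """Models the reported defect: the exception is recorded, but OpenSSL is
    told the SNI check succeeded, so the connection is established anyway."""
    def wrapper(servername: bytes) -> int:
        try:
            return callback(servername)
        except Exception as exc:  # noqa: BLE001 - deliberately broad, as in the report
            problems.append(exc)
            return SSL_TLSEXT_ERR_OK
    return wrapper


def fail_closed_wrapper(callback, problems: list):
    """Hardened variant: any exception in the policy check aborts the handshake."""
    def wrapper(servername: bytes) -> int:
        try:
            return callback(servername)
        except Exception as exc:  # noqa: BLE001
            problems.append(exc)
            return SSL_TLSEXT_ERR_ALERT_FATAL
    return wrapper


def simulate(wrap, servername: bytes) -> tuple:
    """Run sni_policy under the given wrapper for one constructed ClientHello SNI.
    Returns (code handed to OpenSSL, number of swallowed exceptions)."""
    problems: list = []
    code = wrap(sni_policy, problems)(servername)
    return code, len(problems)


if __name__ == "__main__":
    for name in (b"api.example.test", b"other.test", b"evil\xff.test"):
        print(name, "fail-open:", simulate(fail_open_wrapper, name),
              "fail-closed:", simulate(fail_closed_wrapper, name))
```

The malformed name shows the difference: the fail-open wrapper reports an exception yet still returns 0, whereas the fail-closed wrapper returns the fatal-alert code, which is the behaviour a defender wants when a security check cannot complete.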