Python 'ssl. match_hostname () 'function ssl certificate verification security measure Bypass Vulnerability

Release date:
Updated on:

Affected Systems:
Python python 3.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 63915

Python is an object-oriented, literal translation computer programming language.

Python has a security bypass vulnerability in the implementation of the function ssl. match_hostname (). Attackers can exploit this vulnerability to perform man-in-the-middle attacks or simulate trusted servers.

<* Source: Christian Heimes
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Python
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Www.python.org

Python details: click here
Python: click here

Recommended reading:

Python development technology details. (Zhou Wei, Zong Jie). [hd PDF scan version + book guide video + code]

Obtain Linux information using a Python script

Python website file and database backup script

Python File Processing: Reading files

How to publish custom Python modules

Python crawler multi-thread crawling Proxy Server

Detailed description of the re (Regular Expression) module in Python