Endpoint Vulnerability

CVE-2019-14823 JSS: OCSP policy 'Leaf and Chain' implicitly trusts the root certificate

Description

A flaw was found in the 'Leaf and Chain' OCSP policy implementation in JSS's CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as man-in-the-middle.

Affected Products

JSS

References

CVE-2019-14823