all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

mTLS: When certificate authentication is done wrong

Add to bookmarks
Aug. 17, 2023, 9:22 p.m. | Michael Stepankin

The GitHub Blog: Security News and Updates github.blog

In this post, we'll deep dive into some interesting attacks on mTLS authentication. We'll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.


The post mTLS: When certificate authentication is done wrong appeared first on The GitHub Blog.

attacks authentication blog certificate deep dive developers dive engineering escalation github github security lab impersonation implementation information mtls privilege privilege escalation security systems vulnerabilities vulnerable wrong

Visit resource

More from github.blog / The GitHub Blog: Security News and Updates

Introducing Artifact Attestations–now in public beta 16 hours ago | github.blog
actions artifact beta blog +7
Where does your software (really) come from? 2 days, 15 hours ago | github.blog
blog capabilities community github +11
CodeQL zero to hero part 3: Security research with CodeQL 4 days ago | github.blog
blog codeql github github security lab +6
Securing millions of developers through 2FA 1 week, 1 day ago | github.blog
2fa adoption developers ecosystem +9
Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private … 4 weeks, 1 day ago | github.blog
blog blog post code codeql +16
Gaining kernel code execution on an MTE-enabled Pixel 8 1 month, 2 weeks ago | github.blog
android app arm arm mali +22
Keeping secrets out of public repositories 2 months ago | github.blog
blog default developers github +10
How to stay safe from repo-jacking 2 months, 1 week ago | github.blog
attack blog blog post can +10
Build code security skills with the GitHub Secure Code Game 2 months, 2 weeks ago | github.blog
actions blog build challenges +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Data Privacy Manager m/f/d)

@ Coloplast | Hamburg, HH, DE
View on infosec-jobs.com

Cybersecurity Sr. Manager

@ Eastman | Kingsport, TN, US, 37660
View on infosec-jobs.com

KDN IAM Associate Consultant

@ KPMG India | Hyderabad, Telangana, India
View on infosec-jobs.com

Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)

@ Bosch Group | Stuttgart, Germany
View on infosec-jobs.com

Senior Security Engineer - SIEM

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs