Security News > 2017 > December > Security Vulnerabilities in Certificate Pinning
2017-12-08 12:15
New research found that many banks offer certificate pinning as a security feature, but fail to authenticate the hostname. This leaves the systems open to man-in-the-middle attacks. From the paper: Abstract: Certificate verification is a crucial stage in the establishment of a TLS connection. A common security flaw in TLS implementations is the lack of certificate hostname verification but, in...
News URL
https://www.schneier.com/blog/archives/2017/12/security_vulner_10.html