UpdateHub Module Explicitly Disables TLS Verification

Description

The UpdateHub module disables DTLS peer checking, which allows a man-in-the-middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without peer checking.

See NCC-NCC-018

Environment

None

Assignee

David Brown

Reporter

David Brown

Labels

None

Authorized viewers

Robert Lubos

CVE

CVE-2020-10059

Embargo Lift

2020/05/01

Components

Affects versions

Priority

Low