#VU125769 Improper Authentication in otp - CVE-2020-35733

 

Published: April 10, 2026


Vulnerability identifier: #VU125769
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-35733
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: otp
Software vendor: erlang

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper authentication in the ssl component when validating a certificate chain that includes a trusted root certificate. A remote attacker can present a fake certificate chain to disclose sensitive information.

The issue occurs only when the root certificate is sent in the chain.


Remediation

Install the security update from the vendor's website.

External links