CVE-2026-48248
Open ISES Tickets TLS Certificate Verification Bypass
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open_ises_tickets | open_ises_tickets | to 3.44.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability disables TLS certificate verification during the login and authentication process, allowing an attacker to intercept, monitor, or modify sensitive data such as API keys or session tokens in transit.
Such exposure of sensitive data in transit can lead to non-compliance with common security requirements in standards and regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information during transmission.
Therefore, the vulnerability increases the risk of data breaches and unauthorized data access, potentially violating these regulations' requirements for data confidentiality and integrity.
Can you explain this vulnerability to me?
Open ISES Tickets versions before 3.44.2 have a vulnerability where TLS certificate verification is disabled in the file incs/login.inc.php. Specifically, the software sets CURLOPT_SSL_VERIFYPEER to false and does not set CURLOPT_SSL_VERIFYHOST during outbound HTTPS requests in the login and authentication process.
This means that when the software makes HTTPS requests during login, it does not properly verify the server's TLS certificate, allowing an attacker positioned on the network path to present a forged certificate.
As a result, the attacker can intercept, monitor, or modify the requests and responses, potentially exposing sensitive data such as API keys or session tokens transmitted during authentication.
How can this vulnerability impact me? :
This vulnerability can allow an attacker who is able to intercept network traffic between your server and remote endpoints to perform a man-in-the-middle attack.
The attacker can present a forged TLS certificate to intercept, monitor, or modify HTTPS requests and responses during the login and authentication process.
This could lead to exposure of sensitive information such as API keys or session tokens, which could be used to gain unauthorized access or compromise user accounts.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves disabled TLS certificate verification in the file incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false during outbound HTTPS requests in the login/authentication flow.
To detect this vulnerability on your system, you can inspect the source code of the Open ISES Tickets installation, specifically the incs/login.inc.php file, to check if CURLOPT_SSL_VERIFYPEER is set to false and if CURLOPT_SSL_VERIFYHOST is not set.
On the network, detection is more challenging because the vulnerability allows interception of HTTPS traffic with forged certificates. However, you can monitor for unusual TLS handshake behaviors or unexpected certificates presented during HTTPS requests from the server.
Suggested commands include searching the codebase for the relevant curl options, for example using grep:
- grep -rn "CURLOPT_SSL_VERIFYPEER" /path/to/open-ises-tickets/
- grep -rn "CURLOPT_SSL_VERIFYHOST" /path/to/open-ises-tickets/
Additionally, you can use network monitoring tools like Wireshark to analyze HTTPS traffic for suspicious certificates or use curl commands with verbose output to test the server's HTTPS requests.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade Open ISES Tickets to version 3.44.2 or later, where this vulnerability has been fixed.
If upgrading immediately is not possible, you should manually modify the incs/login.inc.php file to ensure that TLS certificate verification is properly enabled by setting CURLOPT_SSL_VERIFYPEER to true and also setting CURLOPT_SSL_VERIFYHOST appropriately during outbound HTTPS requests.
This will prevent attackers from intercepting or modifying HTTPS requests by presenting forged certificates.
Additionally, review your network security to detect and block potential man-in-the-middle attacks.