CVE-2026-48249
Open ISES Tickets Mobile Login TLS Certificate Verification Bypass
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: VulnCheck
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
Open ISES Tickets versions before 3.44.2 have a vulnerability in the file rm/incs/mobile_login.inc.php where TLS certificate verification is disabled during the mobile login process.
Specifically, the CURLOPT_SSL_VERIFYPEER option is set to false and CURLOPT_SSL_VERIFYHOST is not set, which means outbound HTTPS requests made during the RouteMate mobile login flow do not properly validate server certificates.
This flaw allows an attacker positioned on the network path between the server and the remote endpoint to present a forged certificate and intercept, monitor, or modify the requests and responses.
Sensitive data such as API keys or session information can be exposed due to this vulnerability.
How can this vulnerability impact me?
An attacker on the network path can exploit this vulnerability to intercept, monitor, or modify HTTPS requests and responses during the mobile login process.
This can lead to exposure of sensitive data such as API keys and session-bearing information.
Such interception can compromise user authentication and session integrity, potentially allowing unauthorized access or data manipulation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the source code of the Open ISES Tickets application, specifically the file rm/incs/mobile_login.inc.php, to check if the CURLOPT_SSL_VERIFYPEER option is set to false and if CURLOPT_SSL_VERIFYHOST is not set during outbound HTTPS requests in the mobile login flow.
On the network level, detection involves monitoring HTTPS requests made during the mobile login process for signs of intercepted or altered traffic, which may indicate that TLS certificate verification is disabled.
Suggested commands include using tools like curl or openssl to test the TLS connection behavior, for example:
- `curl --verbose https://target-endpoint --insecure`
- `openssl s_client -connect target-endpoint:443 -verify_return_error`
Additionally, reviewing application logs for warnings or errors related to SSL/TLS verification failures during the mobile login process can help detect the issue.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Open ISES Tickets to version 3.44.2 or later, where the TLS certificate verification issue in rm/incs/mobile_login.inc.php has been fixed.
If upgrading is not immediately possible, manually modify the source code to ensure that CURLOPT_SSL_VERIFYPEER is set to true and CURLOPT_SSL_VERIFYHOST is properly set when making outbound HTTPS requests during the mobile login flow.
Additionally, monitor network traffic for suspicious activity and consider implementing network-level protections such as TLS interception detection or using a web application firewall.
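The following is an added example, not code from Open ISES Tickets or from the fixed 3.44.2 release, showing what the manual fix above looks like in practice and, in the comment, the exact option pattern the code inspection in the detection answer looks for. The endpoint URL, the function names and the credential fields are hypothetical; the curl option names and values are PHP's real ones (PHP 8 is assumed for the `CurlHandle` return type).

```php
<?php
// Added example: a hardened outbound HTTPS helper for a mobile-login style
// flow. Not the project's code; endpoint and function names are hypothetical.

/**
 * Build a curl handle that verifies the server's certificate chain
 * (CURLOPT_SSL_VERIFYPEER) and that the certificate matches the host name
 * (CURLOPT_SSL_VERIFYHOST = 2). Both are needed: VERIFYPEER alone accepts any
 * certificate that chains to a trusted CA, even one issued for another host.
 */
function make_verified_curl_handle(string $url, ?string $caBundle = null): CurlHandle
{
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }

    $opts = [
        // Vulnerable pattern (the one described for versions before 3.44.2):
        //   CURLOPT_SSL_VERIFYPEER => false, and CURLOPT_SSL_VERIFYHOST left unset.
        // Hardened settings:
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,      // 2 = check the cert's name against the URL host; 0 and 1 do not
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_FOLLOWLOCATION => false,  // do not silently follow a redirect to another origin
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse plain http:// even if the URL is tampered with
    ];
    if ($caBundle !== null) {
        // Optional: pin to an explicit CA bundle instead of the system default.
        $opts[CURLOPT_CAINFO] = $caBundle;
    }
    if (!curl_setopt_array($ch, $opts)) {
        throw new RuntimeException('curl_setopt_array failed: ' . curl_error($ch));
    }
    return $ch;
}

/**
 * Perform the login POST. A certificate failure surfaces as a curl error
 * (errno 60, "peer certificate cannot be authenticated") and is treated as a
 * hard failure; the request is never retried with verification disabled.
 */
function mobile_login_request(string $endpoint, array $credentials): array
{
    $ch = make_verified_curl_handle($endpoint);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($credentials));

    $body = curl_exec($ch);
    if ($body === false) {
        $errno = curl_errno($ch);
        $err   = curl_error($ch);
        curl_close($ch);
        // Fail closed and leave an auditable trace of the TLS/transport failure.
        error_log("mobile login transport failure ($errno): $err");
        throw new RuntimeException('mobile login transport failure');
    }
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    return ['status' => $status, 'body' => $body];
}

// Hypothetical usage (endpoint and field names are placeholders):
// $r = mobile_login_request('https://routemate.example.invalid/api/login',
//                           ['user' => 'alice', 'pass' => 'secret']);
```

When auditing a copy of `rm/incs/mobile_login.inc.php`, the thing to look for is the combination in the comment above: `CURLOPT_SSL_VERIFYPEER` explicitly `false` with no `CURLOPT_SSL_VERIFYHOST` line at all. Setting `CURLOPT_SSL_VERIFYHOST` to `1` is not a fix; in current curl that value is treated the same as `0`, so only `2` actually enforces the host-name check.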
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability disables TLS certificate verification during the mobile login process, allowing an attacker to intercept, monitor, or modify sensitive data such as API keys or session information in transit.
Such exposure of sensitive data can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require the protection of personal and sensitive information during transmission.
By failing to properly validate TLS certificates, the affected software increases the risk of data breaches and unauthorized data access, which are violations of these regulations' security and privacy requirements.