Bug#944666: jconsole does not verify the domain name nor check whether the CA is trusted

2019-11-13 Thread Laurent Bigonville
On Wed, 13 Nov 2019 15:55:18 +0100 Laurent Bigonville wrote:
> Hi,
>
> Except if I'm severely mistaken, it seems that jconsole does not verify the
> domain name nor check whether the CA is trusted when connecting to a JVM
> that has SSL enabled for JMX.
>
> This can lead to MITM and stealing of

Bug#944666: jconsole does not verify the domain name nor check whether the CA is trusted

2019-11-13 Thread Laurent Bigonville
Package: openjdk-11-jdk
Version: 11.0.5+10-2
Severity: important
File: /usr/lib/jvm/java-11-openjdk-amd64/bin/jconsole
Tags: security

Hi,

Except if I'm severely mistaken, it seems that jconsole does not verify the domain name nor check whether the CA is trusted when connecting to a JVM that has SS