In this post, we'll take a deep dive into some interesting attacks on mTLS authentication. We'll look at implementation vulnerabilities and at how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakage.
The Log4j vulnerabilities that were shown in the last several days are concerning not only because of how widespread they are, but also because of how deeply embedded they are in the software we use and how difficult they are to detect.