CVE-2018-21246: Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication

Severity: Critical

CVSS Score: 9.8

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.