oss-sec mailing list archives
Re: CVE Request: iodine: authentication bypass by client
From: cve-assign () mitre org
Date: Tue, 17 Jun 2014 22:57:42 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
iodine 0.7.0 has just been released, which fixes an authentication bypass issue
https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850
The client could bypass the password check by continuing after getting error from the server and guessing the network parameters. The server would still accept the rest of the setup and also network traffic. Add checks for normal and raw mode that user has authenticated before allowing any other communication.
Use CVE-2014-4168. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJToMEDAAoJEKllVAevmvmsNwgIAKFLSxMA6JXBvw5J+JiMJOVx W61HnD6zhcfD2/5C4mQsfZx0hnqxVQHUcbPiydWVW6oRYn/GQRrpC7JkTkEP6wSt bQdj+5krJAjiGG6ilQbHGEypdh5bZPs1rIaB0ZthnxGvEOmhJq2jO8vg+7DDoJf/ hm5rqx/BVToMCXqBjAniCJpRvnibTfBRd4n9r2wkYks4PB3wV43bI2k/UbkS3ya4 7FXWs1pFuVilJFlVRyEV4IzYb/32SU7Xl02G/8fNshczKZ0MrNqCh2OCqplUBqpN wxjsgejqOY+PGu2md035LQWDMpxP4YlgwwtWFPyD+EsPJ8384C53TXcyQ9N1fZM= =1/SN -----END PGP SIGNATURE-----
Current thread:
- CVE Request: iodine: authentication bypass by client Erik Ekman (Jun 16)
- Re: CVE Request: iodine: authentication bypass by client cve-assign (Jun 17)