PT-2012-5567 · Inverse · Packetfence
Rich Graves
·
Publicado
2012-08-31
·
Atualizado
2017-08-29
·
CVE-2012-4741
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
PacketFence versions prior to 3.3.0
Description
The issue concerns the RADIUS extension in PacketFence, where it uses a different user name than the one used for authentication for users with custom VLAN assignment extensions. This allows remote attackers to spoof user identities via the
User-Name RADIUS attribute.Recommendations
For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Packetfence