Sunshine · Sunshine · CVE-2024-45407
Name of the Vulnerable Software and Affected Versions:
Sunshine (affected versions not specified)
Description:
The issue occurs when clients experience a Man-in-the-Middle (MITM) attack during the pairing process. This may allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, but the certificate from the forged pairing attempt is incorrectly persisted prior to the completion of the pairing request. This allows access to the certificate belonging to the attacker.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.