Jesús Ródenas Huerta

**Name of the Vulnerable Software and Affected Versions** Velneo vClient version 28.1.3 **Description** The issue allows an attacker with knowledge of the victim's `username` and hashed `password` to spoof the victim's id against the server. **Recommendations** For Velneo vClient version 28.1.3, consider restricting access to sensitive operations that rely on the victim's id until a patch is available. As a temporary workaround, ensure that the server-side validation of user identities is enhanced to prevent spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.