Inverse · Packetfence · CVE-2012-4741
**Name of the Vulnerable Software and Affected Versions**
PacketFence versions prior to 3.3.0
**Description**
The issue concerns the RADIUS extension in PacketFence, where it uses a different user name than the one used for authentication for users with custom VLAN assignment extensions. This allows remote attackers to spoof user identities via the `User-Name` RADIUS attribute.
**Recommendations**
For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue.