PT-2021-4270 · Quassel+1

Chris Egeland · Published 2021-06-17 · Updated 2022-07-12 · CVE-2021-34825

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Quassel versions prior to 0.13.1

Description

The issue is related to the --require-ssl parameter, which can cause Quassel to launch without SSL or TLS support if a usable X.509 certificate is not found on the local system. This could allow a remote attacker to access confidential data.

Recommendations

For versions prior to 0.13.1, ensure that a usable X.509 certificate is properly configured on the local system to prevent Quassel from launching without SSL or TLS support. As a temporary workaround, consider disabling the --require-ssl parameter until a proper certificate is configured.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Missing Encryption of Sensitive Data

Weakness Enumeration

Related Identifiers

BDU:2021-04878
CVE-2021-34825
MGASA-2021-0382

Affected Products

Debian
Quassel