PT-2022-12298 · Velneo · Velneo Vclient

Jesús Ródenas Huerta +1 · Published 2022-11-28 · Updated 2024-09-16 · CVE-2021-45036

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Velneo vClient version 28.1.3

Description

The issue allows an attacker with knowledge of the victim's username and hashed password to spoof the victim's id against the server.

Recommendations

For Velneo vClient version 28.1.3, consider restricting access to sensitive operations that rely on the victim's id until a patch is available. As a temporary workaround, ensure that the server-side validation of user identities is enhanced to prevent spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Authentication Bypass by Spoofing

Related Identifiers

CVE-2021-45036

Affected Products

Velneo Vclient