PT-2023-21583 · Avalanche · Avalanche

Published: 2023-04-24 · Updated: 2023-05-16 · CVE-2023-28126

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Avalanche versions 6.3.x and below

Description: An authentication bypass issue exists that could allow an attacker to gain access by exploiting the SetUser method or by exploiting a Race Condition in the authentication message.

Recommendations: For Avalanche versions 6.3.x and below, consider disabling the SetUser method until a patch is available to prevent exploitation of the authentication bypass vulnerability. Restrict access to authentication messages to minimize the risk of exploiting the Race Condition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2023-28126
ZDI-23-454

Affected Products

Avalanche