Vulnerability CVE-2014-4168


Published: 2014-07-03

Description:
(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering.

Type:

CWE-287

(Improper Authentication)

Vendor: KRYO
Product: Iodine 
Version:
0.6.0
0.5.2
0.5.1
0.5.0
0.4.2
0.4.1
0.4.0
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://github.com/yarrick/iodine/blob/b715be5cf3978fbe589b03b09c9398d0d791f850/CHANGELOG
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751834
http://www.openwall.com/lists/oss-security/2014/06/18/1
http://www.openwall.com/lists/oss-security/2014/06/16/5
http://www.debian.org/security/2014/dsa-2964
http://secunia.com/advisories/59417

Copyright 2019, cxsecurity.com

 

Back to Top