ID CVE-2018-16737
Summary tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
nessus via4
NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_A4EB38EACC0611E8ADA4408D5CF35399.NASL
description tinc-vpn.org reports : The authentication protocol allows an oracle attack that could potentially be exploited. If a man-in-the-middle has intercepted the TCP connection it might be able to force plaintext UDP packets between two nodes for up to a PingInterval period.
last seen 2018-10-11
modified 2018-10-10
plugin id 118024
published 2018-10-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=118024
title FreeBSD : tinc -- Buffer overflow (a4eb38ea-cc06-11e8-ada4-408d5cf35399)
refmap via4
confirm
Last major update 10-10-2018 - 17:29
Published 10-10-2018 - 17:29
Last modified 10-10-2018 - 17:29
Back to Top