Описание
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-45036
- https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps
- https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver
- https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps
- https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena
- https://velneo.es/mivelneo/listado-de-cambios-velneo-32
- https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0
- https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0
- https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32
Связанные уязвимости
CVSS3: 8.7
nvd
около 3 лет назад
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.