Описание
The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.0 (включая)
cpe:2.3:a:packetfence:packetfence:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00299
Низкий
5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.
EPSS
Процентиль: 53%
0.00299
Низкий
5 Medium
CVSS2
Дефекты
CWE-287