Описание
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.34 (включая)
cpe:2.3:a:tinc-vpn:tinc:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*
EPSS
Процентиль: 38%
0.00163
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 5.9
ubuntu
больше 7 лет назад
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
CVSS3: 5.9
debian
больше 7 лет назад
Missing message authentication in the meta-protocol in Tinc VPN versio ...
CVSS3: 5.9
github
больше 3 лет назад
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
EPSS
Процентиль: 38%
0.00163
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-306