CVE-2021-45036

Sažetak

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

Reference

https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps
https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver
https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps
https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena
https://velneo.es/mivelneo/listado-de-cambios-velneo-32/
https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0
https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32

CVSS

Base:	7.4
Impact:	5.2
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

16-09-2024 - 18:15

Objavljeno

28-11-2022 - 16:15