Vulnerability Details CVE-2014-4168
(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/59417
- http://www.debian.org/security/2014/dsa-2964
- http://www.openwall.com/lists/oss-security/2014/06/16/5
- http://www.openwall.com/lists/oss-security/2014/06/18/1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751834
- https://github.com/yarrick/iodine/blob/b715be5cf3978fbe589b03b09c9398d0d791f850/CHANGELOG
- http://secunia.com/advisories/59417
- http://www.debian.org/security/2014/dsa-2964
- http://www.openwall.com/lists/oss-security/2014/06/16/5
- http://www.openwall.com/lists/oss-security/2014/06/18/1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751834
- https://github.com/yarrick/iodine/blob/b715be5cf3978fbe589b03b09c9398d0d791f850/CHANGELOG
Products affected by CVE-2014-4168
-
cpe:2.3:a:kryo:iodine:0.3.0
-
cpe:2.3:a:kryo:iodine:0.3.1
-
cpe:2.3:a:kryo:iodine:0.3.2
-
cpe:2.3:a:kryo:iodine:0.3.3
-
cpe:2.3:a:kryo:iodine:0.3.4
-
cpe:2.3:a:kryo:iodine:0.4.0
-
cpe:2.3:a:kryo:iodine:0.4.1
-
cpe:2.3:a:kryo:iodine:0.4.2
-
cpe:2.3:a:kryo:iodine:0.5.0
-
cpe:2.3:a:kryo:iodine:0.5.1
-
cpe:2.3:a:kryo:iodine:0.5.2
-
cpe:2.3:a:kryo:iodine:0.6.0