tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
CVSS Score
5.0
EPSS Score
0.003
Published
2002-12-31
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets.
CVSS Score
5.0
EPSS Score
0.004
Published
2001-12-31