Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
CVSS Score
5.9
EPSS Score
0.003
Published
2018-10-10
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-10-10