Authentication flaw

2012-06-1315:55:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.7%

JSON

The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack.

CPENameOperatorVersion
network_sentry_applianceeq500.0.0-rx-ns
network_sentry_applianceeq500.0.0-x-ns
network_sentry_appliance_softwarele5.3

Name	Operator	Version
network_sentry_appliance	eq	500.0.0-rx-ns
network_sentry_appliance	eq	500.0.0-x-ns
network_sentry_appliance_software	le	5.3

References

www.kb.cert.org/vuls/id/709939

www.kb.cert.org/vuls/id/MAPG-8TJKAF

na3.salesforce.com/sfc/