PRIOn knowledge basePRION:CVE-2018-16758

HistoryOct 10, 2018 - 9:29 p.m.

Authentication flaw

2018-10-1021:29:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.

CPENameOperatorVersion
debian_linuxeq9.0
starwind_virtual_saneqv8 build12533
starwind_virtual_saneqv8 build12658
tincle1.0.34

Name	Operator	Version
debian_linux	eq	9.0
starwind_virtual_san	eq	v8 build12533
starwind_virtual_san	eq	v8 build12658
tinc	le	1.0.34

References

tinc-vpn.org/security/

www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f

www.debian.org/security/2018/dsa-4312

www.starwindsoftware.com/security/sw-20190227-0003/