Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 9.0 | |
starwind_virtual_san | eq | v8 build12533 | |
starwind_virtual_san | eq | v8 build12658 | |
tinc | le | 1.0.34 |