Improper Authentication

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Improper Authentication via the inbound policy check. An attacker can gain unauthorized access to the voice-call agent by placing calls with empty or manipulated caller IDs that bypa...

OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)

Summary An authentication bypass in the optional voice-call extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to allowlist or pairing. Deployments that do not install/enable the voice-call extension are not affected. Affected Packag...

GHSA-4RJ2-GPMH-QQ5X OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)

Summary An authentication bypass in the optional voice-call extension/plugin allowed unapproved or anonymous callers to reach the voice-call agent when inbound policy was set to allowlist or pairing. Deployments that do not install/enable the voice-call extension are not affected. Affected Packag...

BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec

IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec Greg Troxel [email protected] Bill Chiarchiaro [email protected] 2002-02-24 SUMMARY NetBSD 1.5.2 and -current, FreeBSD 4.5 and -current, and the KAME versions of NetBSD and FreeBSD fail to perform inbound policy checks on packets...