41 matches found
CVE-2012-4566
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spo...
CVE-2012-4566
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spo...
DEBIAN-CVE-2012-4566
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spo...
CVE-2012-4523
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients...
Design/Logic Flaw
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients...
CVE-2012-4523
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients...
CVE-2012-4566
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spo...
Design/Logic Flaw
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spo...
CVE-2012-4566
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spo...
CVE-2012-4523
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients...
CVE-2012-4523
Radsecproxy vulnerable to CVE-2012-4523: in 1.6.1 and earlier, certificate verification can bypass restrictions when configuration blocks include CA settings not related to the used verification block, enabling potential client spoofing. Root cause: improper certificate-chain verification across ...
CVE-2012-4523
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients...
CVE-2012-4566
The CVE-2012-4566 issue affects radsecproxy DTLS, where DTLS certificate verification can fail when multiple CA blocks exist and are unrelated to the verification chain, potentially allowing remote attackers to bypass access restrictions and spoof clients. Affected versions are radsecproxy before...
CVE-2012-4566
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spo...
Debian Security Advisory DSA 2573-1 (radsecproxy)
The remote host is missing an update to radsecproxy announced via advisory DSA 2573-1. OpenVAS Vulnerability Test $Id: deb25731.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2573-1 radsecproxy Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Debian: Security Advisory (DSA-2573-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
radsecproxy protection bypass
It's possible to bypass SSL certificate check under some conditions...
[SECURITY] [DSA 2573-1] radsecproxy security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2573-1 [email protected] http://www.debian.org/security/ Luciano Bello November 10, 2012 http://www.debian.org/security/faq -...
Debian DSA-2573-1 : radsecproxy - SSL certificate verification weakness
Ralf Paffrath reported that Radsecproxy, a RADIUS protocol proxy, mixed up pre- and post-handshake verification of clients. This vulnerability may wrongly accept clients without checking their certificate chain under certain configurations. Raphael Geissert spotted that the fix for CVE-2012-4523...
[SECURITY] [DSA 2573-1] radsecproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2573-1 [email protected] http://www.debian.org/security/ Luciano Bello November 10, 2012 http://www.debian.org/security/faq -...