Session Replay Attack
libosdp is vulnerable to a Session Replay Attack. The vulnerability is due to the lack of validation for RMACI messages in response to osdpSCRYPT, and the allowance of SCS14 on encrypted connections. Attackers with man-in-the-middle access can intercept RMACI replies during a session and replay...