6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.3%
The myuser_delete function in libathemecore/account.c in Atheme 5.x before
5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly
clean up CertFP entries when a user is deleted, which allows remote
attackers to access a different user account or cause a denial of service
(daemon crash) via a login as a deleted user.