tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
References
Link | Resource |
---|---|
http://tinc-vpn.org/security/ | Vendor Advisory |
http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a | |
https://www.debian.org/security/2018/dsa-4312 | Third Party Advisory |
https://www.starwindsoftware.com/security/sw-20190227-0002/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
25 Oct 2022, 16:52
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.starwindsoftware.com/security/sw-20190227-0002/ - Third Party Advisory | |
CPE | cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:* cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:* |
|
First Time |
Starwindsoftware starwind Virtual San
Starwindsoftware |
11 Oct 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (CONFIRM) http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a - Mitigation, Mailing List, Vendor Advisory |
Information
Published : 2018-10-10 21:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-16738
Mitre link : CVE-2018-16738
CVE.ORG link : CVE-2018-16738
JSON object : View
Products Affected
tinc-vpn
- tinc
debian
- debian_linux
starwindsoftware
- starwind_virtual_san
CWE
CWE-287
Improper Authentication