Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4741

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-4741
Last Modified 18 Jan 2013 11:49:46
Published 31 Aug 2012 06:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4741

Summary

The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.

Vulnerable Systems

Application

  • Packetfence 3.2.0


References

CONFIRM - http://www.packetfence.org/bugs/view.php?id=1390

MLIST - [Packetfence-announce] 20120413 PacketFence 3.3.0 released!

XF - packetfence-radius-spoofing(78868)


Last Updated: 27 May 2016 11:00:26