SecurityTracker.com
Category:   Application (VPN)  >   Stunnel
Vendors:   Stunnel.org
Stunnel Redirect Option Connection Forwarding Flaw Lets Remote Users Bypass Authentication
SecurityTracker Alert ID:  1032324
SecurityTracker URL:  http://securitytracker.com/id/1032324
CVE Reference:   CVE-2015-3644
Date:  May 14 2015
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.00 to 5.13
Description:   A vulnerability was reported in Stunnel. A remote user can bypass authentication on the target system.

When the 'redirect' option is used, the system forwards connections other than the initial connection according to the 'connect' specification, which indicates successful authentication, instead of the 'redirect' specification.

Johan Olofsson reported this vulnerability.

Impact:   A remote user can bypass authentication on the target system.
Solution:   The vendor has issued a fix (5.14) [in March 2015].

The vendor's advisory is available at:

https://www.stunnel.org/CVE-2015-3644.html

Vendor URL:  www.stunnel.org/CVE-2015-3644.html
Cause:   Authentication error
Underlying OS:  Windows (Any)
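
A quick exposure check for the condition described above, added here as an example and not taken from the vendor or from SecurityTracker: it reports which services in a stunnel configuration set both 'redirect' and 'connect' when the installed version falls in the affected range 5.00 to 5.13. The function names, the simplified config parsing and the sample configuration are assumptions made for illustration.

```python
import re

# Affected range stated in this advisory: 5.00 to 5.13 (fixed in 5.14).
AFFECTED_MIN, AFFECTED_MAX = (5, 0), (5, 13)

def parse_version(text):
    """Extract (major, minor) from text such as '5.13' or 'stunnel 5.13 on ...'."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2))

def is_affected(version_text):
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def services_using_redirect(conf_text):
    """Names of config sections that set both 'redirect' and 'connect'."""
    sections, current = {}, "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()         # start of a service section
            continue
        key, sep, _value = line.partition("=")
        if sep:                                  # option names compared lowercased
            sections.setdefault(current, set()).add(key.strip().lower())
    return [name for name, keys in sections.items()
            if {"redirect", "connect"} <= keys]

def audit(version_text, conf_text):
    """Services exposed to the bypass: affected version AND redirect in use."""
    return services_using_redirect(conf_text) if is_affected(version_text) else []

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
; constructed example
[admin]
accept = 8443
connect = 127.0.0.1:8080
redirect = 127.0.0.1:8081
verify = 2

[public]
accept = 443
connect = 127.0.0.1:80
"""

if __name__ == "__main__":
    print(audit("stunnel 5.13", SAMPLE_CONF))
```

Any service the check reports should be treated as reachable without authentication until stunnel is upgraded to 5.14 or later.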

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 28 2018 (Juniper Issues Fix for Juniper Junos) Stunnel Redirect Option Connection Forwarding Flaw Lets Remote Users Bypass Authentication
Juniper has issued a fix for Juniper Junos.




Copyright 2021, SecurityGlobal.net LLC