Vulnerability Name: CVE-2012-4523 (CCN-79401)
Assigned: 2012-09-13
Published: 2012-09-13
Updated: 2013-01-30
Summary: radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
                  4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
                  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-264 (Permissions, Privileges, and Access Controls)
Vulnerability Consequences: Bypass Security
References:
  MITRE (CNA): CVE-2012-4523
  CCN: SA50925 radsecproxy Client Certificate Verification Security Issue
  SECUNIA (Vendor Advisory): 51251
  DEBIAN: DSA-2573
  DEBIAN: DSA-2573 radsecproxy -- SSL certificate verification weakness
  MLIST: [oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation
  MLIST: [oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation
  BID: 56105
  CCN: BID-56105 radsecproxy Client Certificate Verification Security Bypass Vulnerability
  XF: radsecproxy-sec-bypass(79401)
  MLIST: [radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification
  MLIST: [radsecproxy] 20120917 Radsecproxy 1.6.1 is out
  CCN: RADSECPROXY-43 Radsecproxy is mixing up pre- and post-TLS-handshake client verification
  CONFIRM: https://project.nordu.net/browse/RADSECPROXY-43
Vulnerable Configuration: radsecproxy before 1.6.1 (Configuration 1)
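The check the summary describes, as an added example that is not part of this entry or of the radsecproxy code base: a client certificate presented to a given configuration block must verify against the CA configured for that block, and a verifier that accepts a chain to any CA found anywhere in the configuration will accept a certificate issued by a CA belonging to an unrelated block. The script assumes only the openssl command-line tool; the two CAs, the client certificate and the block names realm-a and realm-b are constructed for the demonstration and do not correspond to any real deployment or to radsecproxy's configuration syntax.

```shell
#!/bin/sh
# Added example, not radsecproxy code. Builds two unrelated CAs and one
# client certificate issued by the first, then compares a per-block check
# (verify only against the CA of the block in use) with a check that
# accepts a chain to any configured CA. Assumes the openssl CLI.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed test CAs; the names are hypothetical.
mkca() {  # $1 = file basename, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "/CN=$2" >/dev/null 2>&1
}
mkca ca_realm_a "CA for realm A"
mkca ca_realm_b "CA for realm B"

# Client certificate issued by the realm A CA only.
openssl req -newkey rsa:2048 -nodes -keyout "$WORK/client.key" \
    -out "$WORK/client.csr" -subj "/CN=client.realm-a.example" >/dev/null 2>&1
openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/ca_realm_a.crt" \
    -CAkey "$WORK/ca_realm_a.key" -CAcreateserial -days 1 \
    -out "$WORK/client.crt" >/dev/null 2>&1

# verify_chain CA_FILE CERT_FILE: returns 0 if CERT_FILE chains to CA_FILE.
verify_chain() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# Hypothetical mapping from a client block name to the CA of the tls
# settings that block references. Only the block selected for the
# connection may be consulted when building the verify store.
ca_for_block() {
    case "$1" in
        realm-a) printf '%s\n' "$WORK/ca_realm_a.crt" ;;
        realm-b) printf '%s\n' "$WORK/ca_realm_b.crt" ;;
        *) return 1 ;;
    esac
}

# accept_client BLOCK CERT: 0 only if CERT verifies against BLOCK's own CA.
accept_client() {
    ca=$(ca_for_block "$1") || return 1
    verify_chain "$ca" "$2"
}

# Flawed variant modelled on the CVE description: the block argument is
# ignored and a chain to any configured CA, including one from an
# unrelated block, is accepted.
accept_client_any_ca() {
    for ca in "$WORK/ca_realm_a.crt" "$WORK/ca_realm_b.crt"; do
        verify_chain "$ca" "$2" && return 0
    done
    return 1
}

report() {  # $1 = label, then the check command and its arguments
    label=$1; shift
    if "$@"; then echo "$label: accept"; else echo "$label: reject"; fi
}
report "realm-a block, per-block check " accept_client        realm-a "$WORK/client.crt"
report "realm-b block, per-block check " accept_client        realm-b "$WORK/client.crt"
report "realm-b block, any-CA check    " accept_client_any_ca realm-b "$WORK/client.crt"
```

The realm-b block should reject a certificate issued by realm A's CA; the any-CA variant accepts it, which is the spoofing outcome the summary warns about. To audit a real deployment, point verify_chain at the CA file of each tls block in turn and confirm that a client certificate is accepted by exactly the block it is meant for.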