tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
Max CVSS
5.0
EPSS Score
0.32%
Published
2002-12-31
Updated
2017-07-11
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets.
Max CVSS
5.0
EPSS Score
0.70%
Published
2001-12-31
Updated
2017-07-11
2 vulnerabilities found