Detections
Analytics

stunnel < 5.14 Authentication Bypass Vulnerability

medium Nessus Plugin ID 83730

Language:

Synopsis

The remote Windows host contains a program that is affected by an authentication bypass vulnerability.

Description

The version of stunnel installed on the remote host is prior to version 5.14. It is, therefore, affected by a vulnerability related to the handling of authentication failures that involve the 'redirect' option. In this case, only the initial connection is forwarded to the hosts specified with 'redirect'; however, subsequent connections established with reused SSL/TLS sessions are forwarded to the hosts specified with 'connect' as if they were already successfully authenticated. A remote attacker can exploit this vulnerability to bypass authentication mechanisms.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to stunnel 5.14 or later. Alternatively, remove the 'redirect' option from the configuration file.

See Also

https://www.stunnel.org/CVE-2015-3644.html

Plugin Details

Severity: Medium

ID: 83730

File Name: stunnel_5_14.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 5/20/2015

Updated: 7/30/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/a:stunnel:stunnel

Required KB Items: installed_sw/stunnel

Exploit Ease: No known exploits are available

Patch Publication Date: 3/25/2015

Vulnerability Publication Date: 3/25/2015

Reference Information

CVE: CVE-2015-3644

BID: 74659

IAVB: 2015-B-0063