Samhain SRP Protocol Implementation Authentication Bypass

medium Nessus Plugin ID 35952

Language:

Synopsis

The remote host is running a vulnerable server that may allow an attacker to authenticate without proper credentials.

Description

The version of Samhain installed on the remote host has an input verfication bug in its SRP implementation. If able to supply a valid username, a malicious client can exploit this issue and connect without a valid password.

Solution

Upgrade to Samhain 2.5.4 or later.

Plugin Details

Severity: Medium

ID: 35952

File Name: samhain_srp_vuln.nbin

Version: 1.75

Type: remote

Family: Misc.

Published: 3/17/2009

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 3/5/2009

Vulnerability Publication Date: 3/5/2009

Reference Information

CVE: CVE-2009-4810

BID: 34003

Secunia: 34104

Detections

Analytics