Samhain SRP Protocol Implementation Authentication Bypass
Medium Nessus Plugin ID 35952
SynopsisThe remote host is running a vulnerable server that may allow an attacker to authenticate without proper credentials.
DescriptionThe version of Samhain installed on the remote host has an input verfication bug in its SRP implementation. If able to supply a valid username, a malicious client can exploit this issue and connect without a valid password.
SolutionUpgrade to Samhain 2.5.4 or later.