Samhain SRP Protocol Implementation Authentication Bypass

Medium Nessus Plugin ID 35952


The remote host is running a vulnerable server that may allow an attacker to authenticate without proper credentials.


The version of Samhain installed on the remote host has an input verification bug in its SRP implementation. A malicious client that is able to supply a valid username can exploit this issue and connect without a valid password.


Upgrade to Samhain 2.5.4 or later.

Plugin Details

Severity: Medium

ID: 35952

File Name: samhain_srp_vuln.nbin

Version: $Revision: 1.26 $

Type: remote

Family: Misc.

Published: 2009/03/17

Modified: 2018/01/29

Dependencies: 35951

Risk Information

Risk Factor: Medium


Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/03/05

Vulnerability Publication Date: 2009/03/05

Reference Information

CVE: CVE-2009-4810

BID: 34003

OSVDB: 54363

Secunia: 34104