stunnel < 5.14 Authentication Bypass Vulnerability

Medium Nessus Plugin ID 83730


The remote Windows host contains a program that is affected by an authentication bypass vulnerability.


The version of stunnel installed on the remote host is prior to version 5.14. It is, therefore, affected by a vulnerability related to the handling of authentication failures that involve the 'redirect' option. In this case, only the initial connection is forwarded to the hosts specified with 'redirect'; however, subsequent connections established with reused SSL/TLS sessions are forwarded to the hosts specified with 'connect' as if they were already successfully authenticated. A remote attacker can exploit this vulnerability to bypass authentication mechanisms.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Upgrade to stunnel 5.14 or later. Alternatively, remove the 'redirect' option from the configuration file.
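
A configuration audit for the workaround above, as an added example that is not part of the Nessus plugin or of stunnel: it parses an stunnel configuration file and lists the services that set 'redirect', reporting them only when the self-reported version is below 5.14. The function names, the sample configuration and its addresses are constructed for illustration.

```python
import re

FIXED = (5, 14)  # first fixed release, per the advisory

def parse_version(text):
    """Turn a self-reported version such as '5.13' into a comparable tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised stunnel version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def services_with_redirect(conf_text):
    """Return {service: [redirect targets]} for sections that set 'redirect'."""
    found, section = {}, "(global)"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or full-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()     # start of a new service section
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "redirect":
            found.setdefault(section, []).append(value.strip())
    return found

def audit(version_text, conf_text):
    """List findings: services that rely on 'redirect' on a pre-5.14 stunnel."""
    if parse_version(version_text) >= FIXED:
        return []
    return [f"[{svc}] redirect = {', '.join(t)}: remove 'redirect' or upgrade to 5.14+"
            for svc, t in services_with_redirect(conf_text).items()]

SAMPLE_CONF = """\
; constructed sample configuration
[https]
accept = 443
connect = 10.0.0.5:8080
verify = 2
CAfile = ca.pem
redirect = 10.0.0.6:8081

[imaps]
accept = 993
connect = 143
"""

if __name__ == "__main__":
    for finding in audit("5.13", SAMPLE_CONF):
        print(finding)
```
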

Plugin Details

Severity: Medium

ID: 83730

File Name: stunnel_5_14.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2015/05/20

Modified: 2016/07/29

Dependencies: 65689

Risk Information

Risk Factor: Medium


Base Score: 5.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:ND/RC:ND

Vulnerability Information

CPE: cpe:/a:stunnel:stunnel

Required KB Items: installed_sw/stunnel

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/03/25

Vulnerability Publication Date: 2015/03/25

Reference Information

CVE: CVE-2015-3644

BID: 74659

OSVDB: 122182

IAVB: 2015-B-0063