OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Openvas_administrator | Openvas | 1.2-rc1 (including) | 1.2-rc1 (including) |
Openvas_administrator | Openvas | 1.2.0 (including) | 1.2.0 (including) |
Openvas_administrator | Openvas | 1.2.1 (including) | 1.2.1 (including) |
Openvas_administrator | Openvas | 1.3-beta1 (including) | 1.3-beta1 (including) |
Openvas_administrator | Openvas | 1.3-rc1 (including) | 1.3-rc1 (including) |
Openvas_administrator | Openvas | 1.3.0 (including) | 1.3.0 (including) |
Openvas_administrator | Openvas | 1.3.1 (including) | 1.3.1 (including) |
Openvas-server | Ubuntu | lucid | * |
Openvas-server | Ubuntu | precise | * |
Openvas-server | Ubuntu | quantal | * |
Openvas-server | Ubuntu | raring | * |
Openvas-server | Ubuntu | saucy | * |
Openvas-server | Ubuntu | trusty | * |
Openvas-server | Ubuntu | utopic | * |