(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Iodine | Kryo | * | 0.6.0 (including) |
Iodine | Kryo | 0.3.0 (including) | 0.3.0 (including) |
Iodine | Kryo | 0.3.1 (including) | 0.3.1 (including) |
Iodine | Kryo | 0.3.2 (including) | 0.3.2 (including) |
Iodine | Kryo | 0.3.3 (including) | 0.3.3 (including) |
Iodine | Kryo | 0.3.4 (including) | 0.3.4 (including) |
Iodine | Kryo | 0.4.0 (including) | 0.4.0 (including) |
Iodine | Kryo | 0.4.1 (including) | 0.4.1 (including) |
Iodine | Kryo | 0.4.2 (including) | 0.4.2 (including) |
Iodine | Kryo | 0.5.0 (including) | 0.5.0 (including) |
Iodine | Kryo | 0.5.1 (including) | 0.5.1 (including) |
Iodine | Kryo | 0.5.2 (including) | 0.5.2 (including) |
Iodine | Ubuntu | lucid | * |
Iodine | Ubuntu | precise | * |
Iodine | Ubuntu | saucy | * |
Iodine | Ubuntu | trusty | * |
Iodine | Ubuntu | upstream | * |