Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victimss username and hashed password to spoof the victims id against the server.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vclient | Velneo | 28.1.3 (including) | 28.1.3 (including) |