FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

iodined -- authentication bypass

Affected packages
iodine < 0.7.0

Details

VuXML ID 0981958a-f733-11e3-8276-071f1604ef8a
Discovery 2014-06-16
Entry 2014-06-18

Erik Ekman of the iodine project reports:

The client could bypass the password check by continuing after getting error from the server and guessing the network parameters. The server would still accept the rest of the setup and also network traffic.

References

URL https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850