CVE-2021-45036

high

Description

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

References

https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32

https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0

https://velneo.es/mivelneo/listado-de-cambios-velneo-32/

https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena

https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps

https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver

https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps

Details

Source: Mitre, NVD

Published: 2022-11-28

Updated: 2024-09-16

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N