CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
77.5%
The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input.
Vendor | Product | Version | CPE |
---|---|---|---|
samhain_labs | samhain | * | cpe:2.3:a:samhain_labs:samhain:*:*:*:*:*:*:*:* |
samhain_labs | samhain | 1.8.9 | cpe:2.3:a:samhain_labs:samhain:1.8.9:*:*:*:*:*:*:* |
samhain_labs | samhain | 1.8.10 | cpe:2.3:a:samhain_labs:samhain:1.8.10:*:*:*:*:*:*:* |
samhain_labs | samhain | 1.8.10 | cpe:2.3:a:samhain_labs:samhain:1.8.10:a:*:*:*:*:*:* |
samhain_labs | samhain | 1.8.10 | cpe:2.3:a:samhain_labs:samhain:1.8.10:b:*:*:*:*:*:* |
samhain_labs | samhain | 1.8.11 | cpe:2.3:a:samhain_labs:samhain:1.8.11:*:*:*:*:*:*:* |
samhain_labs | samhain | 1.8.12 | cpe:2.3:a:samhain_labs:samhain:1.8.12:*:*:*:*:*:*:* |
samhain_labs | samhain | 1.8.12 | cpe:2.3:a:samhain_labs:samhain:1.8.12:a:*:*:*:*:*:* |
samhain_labs | samhain | 1.8.12 | cpe:2.3:a:samhain_labs:samhain:1.8.12:b:*:*:*:*:*:* |
samhain_labs | samhain | 2.0.0 | cpe:2.3:a:samhain_labs:samhain:2.0.0:*:*:*:*:*:*:* |