Authentication flaw

2020-12-2222:15:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.0%

JSON

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.

CPENameOperatorVersion
symphony_\\+_historianeq3.0
symphony_\\+_historianeq3.1
symphony_\\+_operationseq1.1
symphony_\\+_operationseq2.0
symphony_\\+_operationseq2.1 sp1
symphony_\\+_operationseq2.1 sp2
symphony_\\+_operationseq3.0
symphony_\\+_operationseq3.1
symphony_\\+_operationseq3.2
symphony_\\+_operationseq3.3

Name	Operator	Version
symphony_\\+_historian	eq	3.0
symphony_\\+_historian	eq	3.1
symphony_\\+_operations	eq	1.1
symphony_\\+_operations	eq	2.0
symphony_\\+_operations	eq	2.1 sp1
symphony_\\+_operations	eq	2.1 sp2
symphony_\\+_operations	eq	3.0
symphony_\\+_operations	eq	3.1
symphony_\\+_operations	eq	3.2
symphony_\\+_operations	eq	3.3