Auth bypass in Armin_burgmeier Net6

CVE-2011-4091

The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a partic…

Vulnerability class: Broken Authentication

EPSS: 0.006 (68.8th percentile) — read the EPSS interpretation.

Affected products

Armin_burgmeier Net6 — versions 1.3.1, 1.3.2, 1.3.3
Oracle Solaris — versions 11.2
Opensuse — versions 11.3, 11.4
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
openSUSE-SU-2012:0008 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
openSUSE-SU-2012:0040 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking)
[oss-security] 20111031 Re: CVE request: 3 flaws in libobby and libnet6 (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking)