Auth bypass in Condor_project Condor

CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.

Vulnerability class: Broken Authentication

EPSS: 0.019 (83.5th percentile) — read the EPSS interpretation.

Affected products

Condor_project Condor — versions 6.5.4, 6.8.0, 6.8.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

condor-reverse-dns-security-bypass(77748) (vdb-entry, x_refsource_XF)
RHSA-2012:1168 (x_refsource_REDHAT, vendor-advisory)
1027395 (vdb-entry, x_refsource_SECTRACK)
84766 (x_refsource_OSVDB, vdb-entry)
50246 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
55032 (vdb-entry, x_refsource_BID)
50294 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2012:1169 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)