CVE-2009-4810

Samhain < 2.5.4 - Unauthenticated Authentication Bypass via SRP Zero Value

Title source: llm
STIX 2.1

Description

The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input.

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34104
Exploit, Patch x_refsource_confirm
http://trac.la-samhna.de/samhain/changeset/225
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34003

Scores

EPSS 0.0256
EPSS Percentile 83.2%

Details

CWE
CWE-20
Status published
Products (31)
samhain_labs/samhain 1.8.9
samhain_labs/samhain 1.8.10 (3 CPE variants)
samhain_labs/samhain 1.8.11
samhain_labs/samhain 1.8.12 (3 CPE variants)
samhain_labs/samhain 2.0.0
samhain_labs/samhain 2.0.1
samhain_labs/samhain 2.0.2 (2 CPE variants)
samhain_labs/samhain 2.0.3
samhain_labs/samhain 2.0.4
samhain_labs/samhain 2.0.5 (3 CPE variants)
... and 21 more
Published Apr 23, 2010
Tracked Since Feb 18, 2026