CVE-2009-4810
Samhain < 2.5.4 - Unauthenticated Authentication Bypass via SRP Zero Value
Title source: llmDescription
The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input.
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34104
Patch x_refsource_confirm
http://trac.la-samhna.de/samhain/ticket/150
Exploit, Patch x_refsource_confirm
http://trac.la-samhna.de/samhain/changeset/225
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34003
Scores
EPSS
0.0256
EPSS Percentile
83.2%
Details
CWE
CWE-20
Status
published
Products (31)
samhain_labs/samhain
1.8.9
samhain_labs/samhain
1.8.10 (3 CPE variants)
samhain_labs/samhain
1.8.11
samhain_labs/samhain
1.8.12 (3 CPE variants)
samhain_labs/samhain
2.0.0
samhain_labs/samhain
2.0.1
samhain_labs/samhain
2.0.2 (2 CPE variants)
samhain_labs/samhain
2.0.3
samhain_labs/samhain
2.0.4
samhain_labs/samhain
2.0.5 (3 CPE variants)
... and 21 more
Published
Apr 23, 2010
Tracked Since
Feb 18, 2026