CVE-2010-3902
OpenConnect < 2.26 - Exposure of Sensitive Information via Debugging Output
Title source: llmDescription
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.
References (7)
Core 7
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3078
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44111
Various Sources x_refsource_confirm
http://www.infradead.org/openconnect.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42381
Scores
EPSS
0.0226
EPSS Percentile
80.9%
Details
CWE
CWE-200
Status
published
Products (6)
infradead/openconnect
1.00
infradead/openconnect
1.10
infradead/openconnect
1.20
infradead/openconnect
1.30
infradead/openconnect
2.22
infradead/openconnect
< 2.25
Published
Oct 14, 2010
Tracked Since
Feb 18, 2026