CVE-2010-3902

OpenConnect < 2.26 - Exposure of Sensitive Information via Debugging Output

Title source: llm
STIX 2.1

Description

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.

References (7)

Core 7
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3078
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44111
Various Sources x_refsource_confirm
http://www.infradead.org/openconnect.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42381

Scores

EPSS 0.0226
EPSS Percentile 80.9%

Details

CWE
CWE-200
Status published
Products (6)
infradead/openconnect 1.00
infradead/openconnect 1.10
infradead/openconnect 1.20
infradead/openconnect 1.30
infradead/openconnect 2.22
infradead/openconnect < 2.25
Published Oct 14, 2010
Tracked Since Feb 18, 2026