CVE-2012-4741
PacketFence < 3.2.0 - Improper Authentication via RADIUS User-Name Attribute
Title source: llmDescription
The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.
References (3)
Core 3
Core References
Product mailing-list
x_refsource_mlist
http://sourceforge.net/mailarchive/message.php?msg_id=29126135
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78868
Vendor Advisory x_refsource_confirm
http://www.packetfence.org/bugs/view.php?id=1390
Scores
EPSS
0.0138
EPSS Percentile
68.7%
Details
CWE
CWE-287
Status
published
Products (1)
packetfence/packetfence
< 3.2.0
Published
Aug 31, 2012
Tracked Since
Feb 18, 2026