CVE-2012-4741

PacketFence <3.3.0 - Auth Bypass

Title source: llm

Description

The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.

References (3)

[Product] http://sourceforge.net/mailarchive/message.php?msg_id=29126135

[Vendor Advisory] http://www.packetfence.org/bugs/view.php?id=1390

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/78868

Scores

EPSS 0.0030

EPSS Percentile 52.9%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

packetfence/packetfence < 3.2.0

Timeline

Published Aug 31, 2012

Tracked Since Feb 18, 2026