CVE-2014-4168

iodine <0.7.0 - Auth Bypass

Title source: llm

Description

(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering.

References (6)

[Third Party Advisory] http://secunia.com/advisories/59417

[Issue Tracking] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751834

[Various Sources] https://github.com/yarrick/iodine/blob/b715be5cf3978fbe589b03b09c9398d0d791f850/CHANGELOG

View Writeup ZIP pw:eip

[Third Party Advisory] http://www.debian.org/security/2014/dsa-2964

[Mailing List] http://www.openwall.com/lists/oss-security/2014/06/16/5

[Mailing List] http://www.openwall.com/lists/oss-security/2014/06/18/1

Scores

EPSS 0.0104

EPSS Percentile 77.2%

Classification

CWE

CWE-287

Status draft

Affected Products (12)

kryo/iodine < 0.6.0

kryo/iodine

Timeline

Published Jul 03, 2014

Tracked Since Feb 18, 2026