Description
(1) iodined.c and (2) user.c in iodine before 0.7.0 allow remote attackers to bypass authentication by continuing execution after an error has been triggered.
References (6)
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59417
Issue Tracking x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751834
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/06/18/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/06/16/5
Various Sources x_refsource_confirm
https://github.com/yarrick/iodine/blob/b715be5cf3978fbe589b03b09c9398d0d791f850/CHANGELOG
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2964
Scores
EPSS
0.0104
EPSS Percentile
77.5%
Details
CWE
CWE-287
Status
published
Products (12)
kryo/iodine 0.3.0
kryo/iodine 0.3.1
kryo/iodine 0.3.2
kryo/iodine 0.3.3
kryo/iodine 0.3.4
kryo/iodine 0.4.0
kryo/iodine 0.4.1
kryo/iodine 0.4.2
kryo/iodine 0.5.0
kryo/iodine 0.5.1
... and 2 more
Published
Jul 03, 2014
Tracked Since
Feb 18, 2026