Description
tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.
References (3)
Core 3
Core References
Various Sources
http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
Vendor Advisory
http://tinc-vpn.org/security/
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20190227-0001/
Scores
CVSS v3
5.3
EPSS
0.0147
EPSS Percentile
70.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-287
Status
published
Products (2)
starwindsoftware/starwind_virtual_san
v8 build12533 (2 CPE variants)
tinc-vpn/tinc
< 1.0.30
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026