Description
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
References (4)
Core 4
Core References
Various Sources
http://www.tinc-vpn.org/git/browse?p=tinc%3Ba=commit%3Bh=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
Vendor Advisory
http://tinc-vpn.org/security/
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20190227-0002/
Third Party Advisory vendor-advisory
https://www.debian.org/security/2018/dsa-4312
Scores
CVSS v3
3.7
EPSS
0.0135
EPSS Percentile
68.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-287
Status
published
Products (3)
debian/debian_linux
9.0
starwindsoftware/starwind_virtual_san
v8 build12533 (2 CPE variants)
tinc-vpn/tinc
1.0.30 - 1.0.34
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026