Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Radsecproxy 权限许可和访问控制漏洞
Vulnerability Description
Radsecproxy是一个通用的 RADIUS 代理,支持 UDP 和 TLS (RadSec) RADIUS 传输。 radsecproxy 1.6.1之前的版本中存在权限许可和访问控制漏洞,该漏洞源于当配置块以被用于验证证书链的块无关的CA设置时,没有正确验证证书。远程攻击者利用该漏洞绕过目地访问限制并欺骗客户端。
CVSS Information
N/A
Vulnerability Type
N/A