Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication
Vulnerability Description
A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
pptp-vpn 访问控制错误漏洞
Vulnerability Description
pptp-vpn是iHongRen个人开发者的一个VPN客户端。 pptp-vpn 1.0版本和1.0.1版本存在访问控制错误漏洞,该漏洞源于XPC Service组件中文件HelpTool/HelperTool.m的函数shouldAcceptNewConnection缺少身份验证,可能导致本地攻击。
CVSS Information
N/A
Vulnerability Type
N/A