stunnel: authentication bypass with the "redirect" option

Submitted on 22. May 2015 - 11:22 by rischi.
Last update on 22. May 2015 - 18:13.

IDs:

CVE-2015-3644

Keywords:

stunnel

Description:

stunnel 5.00 - 5.13 is affected by an authentication vulnerability when client certificate authentication is active and the "redirect" option is used [1].

Airlock WAF uses stunnel in the SSL VPN service. The service is not affected because certificate-based authentication is not used.

Resolution:

no action required

Component:

SSL VPN Service

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

No action required

Reference:

[1] stunnel: Authentication bypass with the "redirect" option

Main menu

Navigation

User menu

You are here

stunnel: authentication bypass with the "redirect" option

Main menu

Search form

Navigation

User menu

You are here

stunnel: authentication bypass with the "redirect" option