CVE-2011-4091 — Improper Authentication in Burgmeier Net6

CWE-287 — Improper Authentication6 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 31.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Armin Burgmeier Net6 Opensuse Oracle Solaris

Timeline

PublishedFeb 10

Latest updateMay 14

Description

The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDarmin_burgmeier/net61.3.13+12

▶NVDoracle/solaris11.2

▶NVDopensuse/opensuse11.3, 11.4+1

🔴Vulnerability Details

GHSA

GHSA-2hm9-33m6-xf92: The libobby server in inc/server↗2022-05-14

▶

CVEList

CVE-2011-4091: The libobby server in inc/server↗2014-02-10

▶

💬Community

Bugzilla

CVE-2011-4093 CVE-2011-4091 net6 various flaws [fedora-all]↗2011-11-01

▶

Bugzilla

CVE-2011-4091 net6: user information exposure flaw↗2011-11-01

▶

Bugzilla

CVE-2011-4093 CVE-2011-4091 net6 various flaws [epel-all]↗2011-11-01

▶