CVE-2012-3416 — Improper Authentication in Project Condor

CWE-287 — Improper Authentication CWE-284 — Improper Access Control8 documents7 sources

Severity

10.0CRITICALNVD

EPSS

1.9%

top 16.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Condor Project Condor

Timeline

PublishedAug 25

Latest updateMay 17

Description

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debiancondor_project/condor< 7.8.2~dfsg.1-1+1

▶NVDcondor_project/condor7.8.1+38

🔴Vulnerability Details

GHSA

GHSA-g6rg-4rx4-gw4m: Condor before 7↗2022-05-17

▶

OSV

CVE-2012-3416: Condor before 7↗2012-08-25

▶

CVEList

CVE-2012-3416: Condor before 7↗2012-08-25

▶

📋Vendor Advisories

Red Hat

condor: host based authentication does not implement forward-confirmed reverse dns↗2012-08-14

▶

Debian

CVE-2012-3416: condor - Condor before 7.8.2 allows remote attackers to bypass host-based authentication ...↗2012

▶

💬Community

Bugzilla

CVE-2012-3416 condor: host based authentication does not implement forward-confirmed reverse dns [fedora-all]↗2012-08-14

▶

Bugzilla

CVE-2012-3416 condor: host based authentication does not implement forward-confirmed reverse dns↗2012-07-18

▶