Packetfence » Packetfence : Security Vulnerabilities, CVEs, (Gain Privilege) CVSS score >= 4
The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute.
Max CVSS
5.0
EPSS Score
0.36%
Published
2012-08-31
Updated
2017-08-29
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.
Max CVSS
9.8
EPSS Score
0.37%
Published
2018-02-01
Updated
2018-02-21
2 vulnerabilities found