CVE-2021-42072 log

Source
Severity Low
Remote Yes
Type Insufficient validation
Description
A security issue has been found in Barrier before version 2.4.0. Contrary to the client side, the server does not verify client connections in any way. Since the server is taking over control of the client this may seem enough at first glance. However it means that the SSL connection does not add any authenticity or authentication for the server side. The server process thus provides attack surface to any member of the attached network.
Group Package Affected Fixed Severity Status Ticket
AVG-2510 barrier 2.3.3-1 2.4.0-1 Low Fixed
References
https://www.openwall.com/lists/oss-security/2021/11/02/4
https://github.com/debauchee/barrier/pull/1346