CVE-2021-42072 - log

CVE-2021-42072 edited at 02 Nov 2021 12:32:18
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in Barrier before version 2.4.0. Contrary to the client side, the server does not verify client connections in any way. Since the server is taking over control of the client this may seem enough at first glance. However it means that the SSL connection does not add any authenticity or authentication for the server side. The server process thus provides attack surface to any member of the attached network.
References
+ https://www.openwall.com/lists/oss-security/2021/11/02/4
+ https://github.com/debauchee/barrier/pull/1346
Notes
CVE-2021-42072 created at 02 Nov 2021 12:28:17