Information disclosure - CVE-2016-4028
Published: June 27, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU33
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-4028
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote authenticated user to obtain authentication information on the target system.
The vulnerability exists due to access control error in the system for user-supplied authentication tokens with the correct encryption padding versus tokens with non-matching encryption padding. A remote authenticated user can determine the guest token in certain cases.
Successful exploitation of this vulnerability may result in disclosure of authentication information.
The vulnerability exists due to access control error in the system for user-supplied authentication tokens with the correct encryption padding versus tokens with non-matching encryption padding. A remote authenticated user can determine the guest token in certain cases.
Successful exploitation of this vulnerability may result in disclosure of authentication information.
How to mitigate CVE-2016-4028
The vendor has issued a fix Guard 2.4.0-rev8 in April 2016.