Iodine
CVE-2014-4168
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:P/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:P/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering.
AnalysisAI
(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. (1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering. Affected products include: Kryo Iodine. Version information: before 0.7.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
Remote unauthenticated denial of service affects facil.io (all versions prior to commit 5128747) and iodine (all version
Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today