CVE-2012-3416

Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.

Published: Aug 25, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-3416
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
condor_project / condor	7.1.4	7.1.4.x
condor_project / condor	6.8.1	6.8.1.x
condor_project / condor	7.2.3	7.2.3.x
condor_project / condor	-	7.8.1.x
condor_project / condor	7.1.3	7.1.3.x
condor_project / condor	6.8.4	6.8.4.x
condor_project / condor	7.1.0	7.1.0.x
condor_project / condor	7.1.1	7.1.1.x
condor_project / condor	7.0.0	7.0.0.x
condor_project / condor	7.3.2	7.3.2.x
condor_project / condor	7.02	7.02.x
condor_project / condor	7.01	7.01.x
condor_project / condor	7.2.1	7.2.1.x
condor_project / condor	7.2.0	7.2.0.x
condor_project / condor	7.4.1	7.4.1.x
condor_project / condor	7.3.0	7.3.0.x
condor_project / condor	6.8.9	6.8.9.x
condor_project / condor	6.8.0	6.8.0.x
condor_project / condor	7.0.6	7.0.6.x
condor_project / condor	6.8.6	6.8.6.x
condor_project / condor	7.00	7.00.x
condor_project / condor	6.8.7	6.8.7.x
condor_project / condor	6.8.3	6.8.3.x
condor_project / condor	7.0.5	7.0.5.x
condor_project / condor	7.2.2	7.2.2.x
condor_project / condor	7.0.1	7.0.1.x
condor_project / condor	7.8.0	7.8.0.x
condor_project / condor	6.5.4	6.5.4.x
condor_project / condor	7.0.2	7.0.2.x
condor_project / condor	7.4.0	7.4.0.x
condor_project / condor	7.3.1	7.3.1.x
condor_project / condor	7.03	7.03.x
condor_project / condor	7.0.3	7.0.3.x
condor_project / condor	7.1.2	7.1.2.x
condor_project / condor	6.8.5	6.8.5.x
condor_project / condor	6.8.8	6.8.8.x
condor_project / condor	7.0.4	7.0.4.x
condor_project / condor	6.8.2	6.8.2.x
condor_project / condor	7.2.4	7.2.4.x

Vulnerability Database

289,697

CVE-2012-3416