National Vulnerability Database

National Vulnerability Database

National Vulnerability

CVE-2012-4566 Detail


The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.

Source:  MITRE      Last Modified:  11/19/2012

Quick Info

CVE Dictionary Entry:
Original release date:
Last revised:


CVSS Severity (version 2.0):
CVSS v2 Base Score:
(AV:N/AC:L/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore:
Exploitability Subscore:
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Not required to exploit
Impact Type:
Allows unauthorized disclosure of information; Allows unauthorized modification

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to

Hyperlink Resource Type Source Name;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680 External Source CONFIRM;a=commit;h=3682c935facf5ccd7fa600644bbb76957155c680 External Source DEBIAN DSA-2573 External Source MLIST [oss-security] 20121017 CVE request: radsecproxy incorrect x.509 certificate validation External Source MLIST [oss-security] 20121031 Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation External Source MLIST [radsecproxy] 20120913 Radsecproxy is mixing up pre- and post-TLS-handshake client verification External Source MLIST [radsecproxy] 20121025 Radsecproxy 1.6.1 is out

Technical Details

Vulnerability Type (View All)

  • Permissions, Privileges, and Access Control (CWE-264)

Change History 1 change record found - show changes