Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

Spanish National Cybersecurity Institute, S.A. (INCIBE) CWE-290

Spanish National Cybersecurity Institute, S.A. (INCIBE) CWE-836

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.

Spanish National Cybersecurity Institute, S.A. (INCIBE) https://www.incibe.es/en/incibe-cert/notices/aviso/velneo-vclient-improper-authentication-0 [No types assigned]

Spanish National Cybersecurity Institute, S.A. (INCIBE) https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0

NIST CWE-287

NIST CWE-290

OR
     *cpe:2.3:a:velneo:vclient:28.1.3:*:*:*:*:*:*:*

NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

NIST CWE-290

https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps No Types Assigned

https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps Vendor Advisory

https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver No Types Assigned

https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver Vendor Advisory

https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps No Types Assigned

https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps Vendor Advisory

https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena No Types Assigned

https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena Release Notes, Vendor Advisory

https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ No Types Assigned

https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ Release Notes, Vendor Advisory

https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0 No Types Assigned

https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication-0 Third Party Advisory

https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 No Types Assigned

https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 Release Notes, Vendor Advisory

https://doc.velneo.com/v/32/velneo-vserver/funcionalidades/protocolo-vatps [No Types Assigned]

https://doc.velneo.com/v/32/velneo/funcionalidades-comunes/conexion-con-velneo-vserver [No Types Assigned]

https://doc.velneo.com/v/32/velneo/notas-de-la-version#a-partir-de-esta-version-todos-los-servidores-arrancaran-con-protocolo-vatps [No Types Assigned]

https://doc.velneo.com/v/32/velneo/notas-de-la-version#mejoras-de-seguridad-en-validacion-de-usuario-y-contrasena [No Types Assigned]

https://velneo.es/mivelneo/listado-de-cambios-velneo-32/ [No Types Assigned]

https://www.velneo.com/blog/disponible-la-nueva-version-velneo-32 [No Types Assigned]