Duplicate Advisory: tgstation-server vulnerable to cached user logins in legacy server

GHSA-7r36-jf3c-jhp4

Published May 13, 2022 · Modified Dec 5, 2024

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-42r6-p4px-qvv6. This link is maintained to preserve external references.

Original Description

In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-17107
WEB https://github.com/tgstation/tgstation-server/issues/690

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes