hfaxd in HylaFAX prior to 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote malicious users to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hylafax hylafax 4.1.2 |
||
hylafax hylafax 4.1.3 |
||
hylafax hylafax 4.1_beta3 |
||
hylafax hylafax 4.2.0 |
||
hylafax hylafax 4.1.7 |
||
hylafax hylafax 4.1.8 |
||
hylafax hylafax 4.1.5 |
||
hylafax hylafax 4.1.6 |
||
hylafax hylafax 4.1.1 |
||
hylafax hylafax 4.1_beta1 |
||
hylafax hylafax 4.1_beta2 |