Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026

CVE-2002-1755

Description

tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.

Affected products

Tinc/Tinc3 versions
cpe:2.3:a:tinc:tinc:1.0pre3:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:tinc:tinc:1.0pre3:*:*:*:*:*:*:*
- cpe:2.3:a:tinc:tinc:1.0pre4:*:*:*:*:*:*:*
- (no CPE)range: <=1.0pre4

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/1/249142nvd
exchange.xforce.ibmcloud.com/vulnerabilities/7868nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000