Unrated severity · NVD Advisory · Published Nov 20, 2012 · Updated Apr 29, 2026
CVE-2012-4523
Description
radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.
Affected products
- cpe:2.3:a:uninett:radsecproxy:*:*:*:*:*:*:*:* (range: <=1.6)
- cpe:2.3:a:uninett:radsecproxy:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.0:alpha-p1:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.0:p1:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.3:alpha:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.3:beta:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:uninett:radsecproxy:1.5:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- secunia.com/advisories/51251 (nvd, Vendor Advisory)
- www.debian.org/security/2012/dsa-2573 (nvd)
- www.openwall.com/lists/oss-security/2012/10/17/7 (nvd)
- www.openwall.com/lists/oss-security/2012/10/31/6 (nvd)
- www.securityfocus.com/bid/56105 (nvd)
- postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00001.html (nvd)
- postlister.uninett.no/sympa/arc/radsecproxy/2012-09/msg00006.html (nvd)
- project.nordu.net/browse/RADSECPROXY-43 (nvd)