Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-4409

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Dec, 2009 | 21:00
Updated At-17 Sep, 2024 | 01:35
Rejected At-
Credits

The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Dec, 2009 | 21:00
Updated At:17 Sep, 2024 | 01:35
Rejected At:
▼CVE Numbering Authority (CNA)

The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/37628
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/37293
vdb-entry
x_refsource_BID
http://jvn.jp/en/jp/JVN49602378/index.html
third-party-advisory
x_refsource_JVN
http://www.osvdb.org/61118
vdb-entry
x_refsource_OSVDB
http://www.seil.jp/seilseries/security/2009/a00697.php
x_refsource_CONFIRM
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.html
third-party-advisory
x_refsource_JVNDB
Hyperlink: http://secunia.com/advisories/37628
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/37293
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://jvn.jp/en/jp/JVN49602378/index.html
Resource:
third-party-advisory
x_refsource_JVN
Hyperlink: http://www.osvdb.org/61118
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.seil.jp/seilseries/security/2009/a00697.php
Resource:
x_refsource_CONFIRM
Hyperlink: http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.html
Resource:
third-party-advisory
x_refsource_JVNDB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/37628
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/37293
vdb-entry
x_refsource_BID
x_transferred
http://jvn.jp/en/jp/JVN49602378/index.html
third-party-advisory
x_refsource_JVN
x_transferred
http://www.osvdb.org/61118
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.seil.jp/seilseries/security/2009/a00697.php
x_refsource_CONFIRM
x_transferred
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.html
third-party-advisory
x_refsource_JVNDB
x_transferred
Hyperlink: http://secunia.com/advisories/37628
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/37293
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN49602378/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: http://www.osvdb.org/61118
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.seil.jp/seilseries/security/2009/a00697.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.html
Resource:
third-party-advisory
x_refsource_JVNDB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Dec, 2009 | 21:30
Updated At:23 Apr, 2026 | 00:35

The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.6LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 2.6
Base severity: LOW
Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CPE Matches
iij
iij
>>seil\/b1>>1.00
cpe:2.3:h:iij:seil\/b1:1.00:*:*:*:*:*:*:*
iij
iij
>>seil\/b1>>2.01
cpe:2.3:h:iij:seil\/b1:2.01:*:*:*:*:*:*:*
iij
iij
>>seil\/b1>>2.10
cpe:2.3:h:iij:seil\/b1:2.10:*:*:*:*:*:*:*
iij
iij
>>seil\/b1>>2.20
cpe:2.3:h:iij:seil\/b1:2.20:*:*:*:*:*:*:*
iij
iij
>>seil\/b1>>2.30
cpe:2.3:h:iij:seil\/b1:2.30:*:*:*:*:*:*:*
iij
iij
>>seil\/b1>>2.40
cpe:2.3:h:iij:seil\/b1:2.40:*:*:*:*:*:*:*
iij
iij
>>seil\/b1>>2.41
cpe:2.3:h:iij:seil\/b1:2.41:*:*:*:*:*:*:*
iij
iij
>>seil\/b1>>2.42
cpe:2.3:h:iij:seil\/b1:2.42:*:*:*:*:*:*:*
iij
iij
>>seil\/b1>>2.50
cpe:2.3:h:iij:seil\/b1:2.50:*:*:*:*:*:*:*
iij
iij
>>seil\/b1>>2.51
cpe:2.3:h:iij:seil\/b1:2.51:*:*:*:*:*:*:*
iij
iij
>>seil\/b1>>2.52
cpe:2.3:h:iij:seil\/b1:2.52:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://jvn.jp/en/jp/JVN49602378/index.htmlcve@mitre.org
N/A
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.htmlcve@mitre.org
N/A
http://secunia.com/advisories/37628cve@mitre.org
Vendor Advisory
http://www.osvdb.org/61118cve@mitre.org
N/A
http://www.securityfocus.com/bid/37293cve@mitre.org
N/A
http://www.seil.jp/seilseries/security/2009/a00697.phpcve@mitre.org
Vendor Advisory
http://jvn.jp/en/jp/JVN49602378/index.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37628af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.osvdb.org/61118af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/37293af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.seil.jp/seilseries/security/2009/a00697.phpaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://jvn.jp/en/jp/JVN49602378/index.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37628
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/61118
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/37293
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.seil.jp/seilseries/security/2009/a00697.php
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://jvn.jp/en/jp/JVN49602378/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37628
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/61118
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/37293
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.seil.jp/seilseries/security/2009/a00697.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2025-11633
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 14.60%
||
7 Day CHG~0.00%
Published-12 Oct, 2025 | 12:02
Updated-30 Oct, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validation

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function upload_file_to_s3 of the file collect_logs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-furboTomofun
Product-furbo_minifurbo_360_dog_camera_firmwarefurbo_360_dog_camerafurbo_mini_firmwareFurbo 360Furbo Mini
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-4587
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 7.01%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 12:46
Updated-24 Apr, 2026 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HybridAuth SSL Curl.php certificate validation

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-n/a
Product-HybridAuth
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-295
Improper Certificate Validation
CVE-2015-2047
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-2.6||LOW
EPSS-0.77% / 73.56%
||
7 Day CHG~0.00%
Published-23 Feb, 2015 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

Action-Not Available
Vendor-n/aDebian GNU/LinuxTYPO3 Association
Product-debian_linuxtypo3n/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-7095
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 30.13%
||
7 Day CHG+0.07%
Published-06 Jul, 2025 | 21:32
Updated-18 Jul, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Comodo Internet Security Premium Update certificate validation

A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-comodoComodo
Product-internet_securityInternet Security Premium
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-295
Improper Certificate Validation
CVE-2012-0717
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.6||LOW
EPSS-0.07% / 20.19%
||
7 Day CHG~0.00%
Published-20 Jun, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2025-3850
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 43.06%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 00:00
Updated-15 Oct, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YXJ2018 SpringBoot-Vue-OnlineExam API improper authentication

A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-yxj2018YXJ2018
Product-springboot-vue-onlineexamSpringBoot-Vue-OnlineExam
CWE ID-CWE-287
Improper Authentication
CVE-2019-15796
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-4.7||MEDIUM
EPSS-0.17% / 38.41%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 13:00
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
python-apt downloads from untrusted sources

Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.

Action-Not Available
Vendor-Canonical Ltd.UbuntuDebian GNU/Linux
Product-ubuntu_linuxpython-aptPython-apt
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2009-0591
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.6||LOW
EPSS-2.42% / 85.22%
||
7 Day CHG~0.00%
Published-27 Mar, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-287
Improper Authentication
Details not found