An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-11-08T00:00:00

Updated: 2024-08-04T03:22:26.062Z

Reserved: 2021-10-07T00:00:00

Link: CVE-2021-42073

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-08T04:15:08.500

Modified: 2024-11-21T06:27:11.580

Link: CVE-2021-42073

cve-icon Redhat

No data.