ignitionServer Server Linking Password Verification Bypass
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Ignition server contains a flaw that may allow a malicious user to link to server without password. The issue is due to missing the password verfication when linking server. It is possible that the flaw may allow a remote attacker to link to a server, kill the clients on the server and crash the server, resulting in a loss of confidentiality, integrity, and/or availability.
Upgrade to version 0.3.1-P1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.