Vulnerabilities > CVE-2024-45407 - Unspecified vulnerability in Lizardbyte Sunshine 20240527

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

lizardbyte

NVD

Published: 2024-09-10

Updated: 2024-09-20

Summary

Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, but the certificate from the forged pairing attempt is incorrectly persisted prior to the completion of the pairing request. This allows access to the certificate belonging to the attacker.

Vulnerable Configurations

Part	Description	Count
Application	Lizardbyte Lizardbyte Sunshine 2024-05-27	1

References

https://github.com/LizardByte/Sunshine/security/advisories/GHSA-jqph-8cp5-g874
https://github.com/LizardByte/Sunshine/commit/5fcd07ecb1428bfe245ad6fa349aead476c7e772
https://github.com/LizardByte/Sunshine/commit/fd7e68457a134102d1b30af5796c79f2aa623224