The vos command in OpenAFS 1.6.x prior to 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote malicious users to obtain sensitive information by sniffing the network.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openafs openafs 1.6.2.1 |
||
openafs openafs 1.6.3 |
||
openafs openafs 1.6.4 |
||
openafs openafs 1.6.1 |
||
openafs openafs 1.6.0 |
||
openafs openafs 1.6.2 |
||
debian debian linux 7.0 |