Published: 05/11/2013 Updated: 24/08/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The vos command in OpenAFS 1.6.x prior to 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote malicious users to obtain sensitive information by sniffing the network.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openafs openafs 1.6.2.1
openafs openafs 1.6.3
openafs openafs 1.6.4
openafs openafs 1.6.1
openafs openafs 1.6.0
openafs openafs 1.6.2
debian debian linux 7.0

OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets Additional migration steps are needed to fully set the update into effect For more information please see the upstream advisory: OPENAFS-SA-2013-003 In addition the encrypt option to the vos tool was fixed For the ol ...

CWE-310 http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt http://www.debian.org/security/2013/dsa-2729 http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 https://nvd.nist.gov https://www.debian.org/security/./dsa-2729

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-4135

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect