OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
AV:N/AC:M/Au:N/C:P/I:N/A:N
Vendors | Products |
---|---|
Openafs |
|
Debian |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
References
Link | Resource |
---|---|
http://www.debian.org/security/2013/dsa-2729 | Third Party Advisory |
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 | Broken Link |
http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2013-11-05T21:00:00
Updated: 2015-03-19T15:57:00
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4134
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-11-05T21:55:08.890
Modified: 2016-08-24T15:30:15.403
Link: CVE-2013-4134
JSON object: View
Redhat Information
No data.
CWE