Computer Security
[EN] securityvulns.ru no-pyccku


OpenAFS security vulnerabilities
Published:29.07.2013
Source:
SecurityVulns ID:13225
Type:local
Threat Level:
4/10
Description:Weak enbcryption algorithm
Affected:OPENAFS : OpenAFS 1.6
CVE:CVE-2013-4135 (The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.)
 CVE-2013-4134 (OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2729-1] openafs security update (29.07.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod