Описание
Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.
Ссылки
- Vendor Advisory
- Broken Link
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- URL Repurposed
- Vendor Advisory
- Broken Link
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- URL Repurposed
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.5 (исключая)Версия от 2.6.0 (включая) до 2.6.39.4 (включая)
Одновременно
cpe:2.3:a:rsbac:rule_set_based_access_control:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00806
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.
EPSS
Процентиль: 74%
0.00806
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other