CVE-2019-18906

Опубликовано: 30 июн. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.

Ссылки

https://bugzilla.suse.com/show_bug.cgi?id=1186226
Issue Tracking
Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1186226
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:opensuse:cryptctl:*:*:*:*:*:*:*:*

Версия до 2.4 (исключая)

cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:opensuse:cryptctl:*:*:*:*:*:*:*:*

Версия до 2.4 (исключая)

cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

openSUSE-SU-2021:2136-1

suse-cvrf

больше 4 лет назад

Security update for cryptctl

openSUSE-SU-2021:0907-1

suse-cvrf

больше 4 лет назад

Security update for cryptctl

SUSE-SU-2021:2137-1

suse-cvrf

больше 4 лет назад

Security update for cryptctl

SUSE-SU-2021:2136-1

suse-cvrf

больше 4 лет назад

Security update for cryptctl

GHSA-x9cr-r4j4-8ph8

CVSS3: 9.8

github

больше 3 лет назад

A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.

EPSS

Процентиль: 55%

0.00328

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287