Openafs
CVE-2013-4134
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:P/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:P/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
AnalysisAI
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-310. OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. Affected products include: Openafs, Debian Debian Linux. Version information: before 1.4.15.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated critical severity (CVSS 9.8), this vulner
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing th
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory o
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of
A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized s
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated high severity (CVSS 7.5), this vulnerabil
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated high severity (CVSS 7.5), this vulnerabil
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. Rated medium severity (CVSS
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerb
Same weakness CWE-310 – Cryptographic Issues
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today