Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
In Netatalk 1.5.0 through 4.4.2, des-ecb auth with timing side channel. Fixed in 4.5.0.
AnalysisAI
Timing side-channel exposure in Netatalk's DES-ECB authentication allows a remote unauthenticated attacker to conduct a cryptographic timing oracle attack against the AFP server, potentially recovering authentication secrets or credentials through statistical analysis of server response latency. Affected versions span 1.5.0 through 4.4.2 - a broad range covering multiple major releases - and the issue is rooted in non-constant-time operations during DES-ECB auth processing (CWE-208). No public exploit has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; Netatalk 4.5.0 resolves the issue per the vendor advisory.
Technical ContextAI
Netatalk is an open-source implementation of the Apple Filing Protocol (AFP), enabling Linux and Unix systems to serve files to macOS clients over a network. The vulnerability resides in the DES-ECB (Data Encryption Standard in Electronic Codebook mode) authentication pathway. CWE-208 (Observable Timing Discrepancy) describes side-channel weaknesses where differences in processing time during cryptographic operations leak information about secret values to an observer. DES-ECB is itself a structurally weak cipher mode - ECB is deterministic and lacks semantic security - making its use in an authentication context compoundingly risky. The timing discrepancy most likely arises from non-constant-time comparison or decryption logic during the auth handshake, permitting an attacker to build a statistical timing oracle by issuing many probes and measuring latency variations. CPE cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* confirms this affects the Netatalk application directly, not an OS or library dependency.
RemediationAI
Upgrade to Netatalk 4.5.0 or later, which resolves the DES-ECB timing side channel per the vendor advisory at https://netatalk.io/security/CVE-2026-44061. This is a vendor-released patch at an exact confirmed version. If immediate upgrade is operationally infeasible, consider disabling the DES-ECB authentication method in afpd.conf and enforcing use of stronger authentication mechanisms such as DHX2, which Netatalk also supports - note this may break compatibility with very old macOS clients that rely exclusively on legacy DES-ECB auth, so test against client population before enforcing. Additionally, restricting AFP service access at the firewall or network perimeter to only trusted hosts limits the attacker's ability to collect the high-volume timing measurements required for a successful oracle attack; this is a meaningful compensating control given the AC:H requirement.
Same weakness CWE-208 – Observable Timing Discrepancy
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Server 12 SP5 | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 12 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 12 SP4 | Fixed |
| SUSE Linux Enterprise Server 12 | Fixed |
| SUSE Linux Enterprise Server 12 SP1 | Fixed |
| SUSE Linux Enterprise Server 12 SP2 | Fixed |
| SUSE Linux Enterprise Server 12 SP3 | Fixed |
| SUSE Linux Enterprise Server 12 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP1 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP2 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP3 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP4 | Fixed |
| SUSE Linux Enterprise Software Development Kit 12 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP1 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP2 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP3 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 12 SP5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31236
GHSA-9jg7-fcmv-j845