CVE-2013-4135

2013-11-0521:55:12

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

51.1%

JSON

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected configurations

Nvd

Node

openafsopenafsMatch1.6.0

openafsopenafsMatch1.6.1

openafsopenafsMatch1.6.2

openafsopenafsMatch1.6.2.1

openafsopenafsMatch1.6.3

openafsopenafsMatch1.6.4

Node

debiandebian_linuxMatch7.0

VendorProductVersionCPE
openafsopenafs1.6.0cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*
openafsopenafs1.6.1cpe:2.3:a:openafs:openafs:1.6.1:*:*:*:*:*:*:*
openafsopenafs1.6.2cpe:2.3:a:openafs:openafs:1.6.2:*:*:*:*:*:*:*
openafsopenafs1.6.2.1cpe:2.3:a:openafs:openafs:1.6.2.1:*:*:*:*:*:*:*
openafsopenafs1.6.3cpe:2.3:a:openafs:openafs:1.6.3:*:*:*:*:*:*:*
openafsopenafs1.6.4cpe:2.3:a:openafs:openafs:1.6.4:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openafs	openafs	1.6.0	cpe:2.3:a:openafs:openafs:1.6.0:::::::*
openafs	openafs	1.6.1	cpe:2.3:a:openafs:openafs:1.6.1:::::::*
openafs	openafs	1.6.2	cpe:2.3:a:openafs:openafs:1.6.2:::::::*
openafs	openafs	1.6.2.1	cpe:2.3:a:openafs:openafs:1.6.2.1:::::::*
openafs	openafs	1.6.3	cpe:2.3:a:openafs:openafs:1.6.3:::::::*
openafs	openafs	1.6.4	cpe:2.3:a:openafs:openafs:1.6.4:::::::*
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*