47 matches found
ceph: cephx uses weak signatures
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network, who is able to alter the message payload, was able to bypass signature checks done by cephx protocol...
ceph: cephx protocol is vulnerable to replay attack
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to the ceph cluster network who is also able to sniff packets on the network can use this vulnerability to authenticate with ceph service and perfo...
Red Hat Ceph Weak Signature Vulnerability
Red Hat Ceph is a Linux PB-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure based on POSIX Portable Operating System Interface, so that data can be fault-tolerant and seamlessly replicated.Ceph...
Red Hat Ceph Design Vulnerability
Red Hat Ceph is a Linux PB-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure based on POSIX Portable Operating System Interface, so that data can be fault-tolerant and seamlessly replicated.Ceph...
ceph: cephx uses weak signatures
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network, who is able to alter the message payload, was able to bypass signature checks done by cephx protocol...
ceph: cephx protocol is vulnerable to replay attack
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to the ceph cluster network who is also able to sniff packets on the network can use this vulnerability to authenticate with ceph service and perfo...
DEBIAN-CVE-2018-1128
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions...