3 matches found
CVE-2020-4042
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge...
CVE-2020-4042 Authentication bypass in Bareos
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge...
CVE-2020-4042
Bareos before version 19.2.8 is vulnerable to an authentication bypass where a malicious client can replay the director’s cram-md5 challenge to the director itself, causing the director to treat the replay as a valid response to its original challenge. The issue arises when the director allows cl...