CVE-2020-4042

Published: Jul 10, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 4.0

Source: NVD

Description

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.

Affected (2)

Products: Bareos: Bareos

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Bareos Bareos	Up to 19.2.7
Bareos Bareos	Version 19.2.8 pre

Related CWEs

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (4)

https://bugs.bareos.org/view.php?id=1250

Source: security-advisories@github.com

Vendor Advisory

https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752

Source: security-advisories@github.com

MitigationThird Party Advisory

https://bugs.bareos.org/view.php?id=1250

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

Timeline

No history available yet.