Vulnerabilities > CVE-2017-1000406 - 7PK - Security Features vulnerability in Opendaylight Karaf 0.6.1Carbon

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

opendaylight

CWE-254

NVD

Published: 2017-11-30

Updated: 2017-12-20

Summary

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).

Vulnerable Configurations

Part	Description	Count
Application	Opendaylight Opendaylight Karaf 0.6.1-Carbon	1

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

https://jira.opendaylight.org/browse/AAA-151
https://git.opendaylight.org/gerrit/#/q/topic:AAA-151
http://seclists.org/oss-sec/2017/q4/320