Vulnerabilities > CVE-2019-18906 - Unspecified vulnerability in Opensuse Cryptctl

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

opensuse

critical

NVD

Published: 2021-06-30

Updated: 2024-11-21

Summary

A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.

Vulnerable Configurations

Part	Description	Count
Application	Opensuse Opensuse Cryptctl - Opensuse Cryptctl 1.2.6 Opensuse Cryptctl 1.99 Opensuse Cryptctl 2.0 Opensuse Cryptctl 2.1 Opensuse Cryptctl 2.2 Opensuse Cryptctl 2.3	7
Application	Suse Suse Manager Server 4.0	1
OS	Suse Suse Linux Enterprise Server 12	1

Summary

Vulnerable Configurations

References