Authentication flaw

2018-07-1014:29:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.2%

JSON

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq9.0
leapeq15.0
cephge10.2.0
cephle13.2.1
ceph_storageeq3
ceph_storage_moneq2
ceph_storage_moneq3
ceph_storage_osdeq2
ceph_storage_osdeq3

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	9.0
leap	eq	15.0
ceph	ge	10.2.0
ceph	le	13.2.1
ceph_storage	eq	3
ceph_storage_mon	eq	2
ceph_storage_mon	eq	3
ceph_storage_osd	eq	2
ceph_storage_osd	eq	3