Michael Meffie

**Name of the Vulnerable Software and Affected Versions** OpenAFS versions 1.6.x through 1.6.4 OpenAFS version 1.6.5 and later are not affected, but since the issue is with versions before 1.6.5, we can simplify to: OpenAFS versions prior to 1.6.5 **Description** The issue allows remote attackers to obtain sensitive information by sniffing the network due to the vos command in OpenAFS only enabling integrity protection and sending data in cleartext when using the -encrypt option. Multiple vulnerabilities in the OpenAFS package may lead to violations of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For OpenAFS versions prior to 1.6.5, update to version 1.6.5 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -encrypt option with the vos command until a patch is available.