Patrick Hurst

**Name of the Vulnerable Software and Affected Versions** OpenAFS versions prior to 1.4.15 OpenAFS versions 1.6.x prior to 1.6.5 OpenAFS versions 1.7.x prior to 1.7.26 **Description** The issue is related to the use of weak encryption, specifically DES, for Kerberos keys in OpenAFS. This weakness makes it easier for remote attackers to obtain the service key, potentially leading to breaches of confidentiality, integrity, and availability of protected information. The exploitation of these weaknesses can be done remotely. **Recommendations** For OpenAFS versions prior to 1.4.15, update to version 1.4.15 or later. For OpenAFS versions 1.6.x prior to 1.6.5, update to version 1.6.5 or later. For OpenAFS versions 1.7.x prior to 1.7.26, update to version 1.7.26 or later.