PT-2021-9005 · Suse · Suse Linux Enterprise Server For Sap+2

Malte Kraus · Published 2021-06-23 · Updated 2024-06-15 · CVE-2019-18906

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4
SUSE Manager Server 4.0 cryptctl versions prior to 2.4

Description

A vulnerability in cryptctl allows attackers with access to the hashed password to use it without having to crack it. This issue enables attackers to bypass proper authentication mechanisms.

Recommendations

For SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4, update to version 2.4 or later.
For SUSE Manager Server 4.0 cryptctl versions prior to 2.4, update to version 2.4 or later.

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2019-18906
OPENSUSE-SU-2021:0907-1
OPENSUSE-SU-2021:2136-1
OPENSUSE-SU-2021_0907-1
OPENSUSE-SU-2021_2136-1
OPENSUSE-SU-2024:12078-1
SUSE-SU-2021:2136-1
SUSE-SU-2021:2137-1
SUSE-SU-2021_2136-1
SUSE-SU-2021_2137-1

Affected Products

Suse Linux Enterprise Server For Sap
Suse Manager Server
Suse