N/A

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

N/A

密码学签名的验证不恰当

spacewalk 数据伪造问题漏洞

spacewalk是一套开源的Linux系统管理解决方案。 Spacewalk 2.9版本中存在数据伪造问题漏洞，该漏洞源于程序没有安全地计算客户端令牌的总和检验码。攻击者可利用该漏洞延长会话的有效期。

N/A

N/A