Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authentication bypass in Bareos
Vulnerability Description
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
Bareos 安全漏洞
Vulnerability Description
Bareos是德国Bareos公司的一套开源的数据备份存储和恢复软件。 Bareos 19.2.8及之前版本中存在安全漏洞。攻击者可利用该漏洞绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A