Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect Authorization in Bareos Director
Vulnerability Description
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
Bareos 安全漏洞
Vulnerability Description
Bareos是德国Bareos公司的一套开源的数据备份存储和恢复软件。Bareos Director是Bareos的守护进程。 Bareos 存在安全漏洞,该漏洞源于受影响产品在为 PAM 身份验证构建和配置时将完全跳过授权检查,过期帐户和密码过期的帐户仍然可以登录。
CVSS Information
N/A
Vulnerability Type
N/A