Platform
linux
Component
cryptctl
Fixed in
2.4
2.4
CVE-2019-18906 is an Improper Authentication vulnerability affecting the cryptctl component in SUSE Linux Enterprise Server for SAP 12-SP5 and SUSE Manager Server 4.0. This flaw allows attackers possessing a hashed password to authenticate without cracking it, potentially leading to unauthorized access to sensitive data. The vulnerability impacts versions of cryptctl prior to 2.4, and a fix is available in version 2.4.
The primary impact of CVE-2019-18906 is the potential for unauthorized access to encrypted data managed by cryptctl. An attacker who obtains a hashed password, either through previous breaches or other means, can leverage this vulnerability to bypass the normal authentication process and gain access to protected resources. This could include sensitive configuration files, encryption keys, or other confidential information. The blast radius is limited to systems where the vulnerable cryptctl version is deployed and where hashed passwords are accessible to a malicious actor. This vulnerability shares similarities with other authentication bypass flaws where weak password hashing or inadequate authentication checks are exploited.
CVE-2019-18906 was publicly disclosed in June 2021. While no active exploitation campaigns have been definitively linked to this CVE, the CRITICAL severity score indicates a high potential for exploitation if the vulnerability is discovered and exploited. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the ease of exploitation given access to a hashed password makes it a significant risk.
Exploit Status
EPSS
0.33% (56% percentile)
CVSS Vector
The primary mitigation for CVE-2019-18906 is to upgrade cryptctl to version 2.4 or later. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing stricter password policies to minimize the risk of attackers obtaining valid hashed passwords. While a direct workaround is not available, reviewing and auditing access controls to encrypted data can help detect and prevent unauthorized access. After upgrading, confirm the fix by attempting authentication with a known hashed password and verifying that it is rejected.
Update the cryptctl package to version 2.4 or higher. This will resolve the improper authentication vulnerability that allows attackers to use the hashed password without having to decrypt it.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2019-18906 is a critical vulnerability in the cryptctl component of SUSE Linux Enterprise Server for SAP and SUSE Manager Server, allowing attackers with hashed passwords to bypass authentication.
You are affected if you are running SUSE Linux Enterprise Server for SAP 12-SP5 or SUSE Manager Server 4.0 with cryptctl versions prior to 2.4.
Upgrade cryptctl to version 2.4 or later to resolve the vulnerability. Review and strengthen password policies as a preventative measure.
While no active campaigns have been definitively linked, the CRITICAL severity suggests a high potential for exploitation if the vulnerability is discovered.
Refer to the SUSE Security Advisory for detailed information and mitigation steps: https://www.suse.com/security/cve/CVE-2019-18906/
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.