Platform: linux
Component: cryptctl
Fixed in: 2.4
CVE-2019-18906 is an Improper Authentication vulnerability affecting the cryptctl component in SUSE Linux Enterprise Server for SAP 12-SP5 and SUSE Manager Server 4.0. This flaw allows attackers possessing a hashed password to authenticate without cracking it, potentially leading to unauthorized access to sensitive data. The vulnerability impacts versions of cryptctl prior to 2.4, and a fix is available in version 2.4.
The primary impact of CVE-2019-18906 is the potential for unauthorized access to encrypted data managed by cryptctl. An attacker who obtains a hashed password, either through previous breaches or other means, can leverage this vulnerability to bypass the normal authentication process and gain access to protected resources. This could include sensitive configuration files, encryption keys, or other confidential information. The blast radius is limited to systems where the vulnerable cryptctl version is deployed and where hashed passwords are accessible to a malicious actor. This vulnerability shares similarities with other authentication bypass flaws where weak password hashing or inadequate authentication checks are exploited.
CVE-2019-18906 was publicly disclosed in June 2021. While no active exploitation campaigns have been definitively linked to this CVE, the CRITICAL severity score indicates a high potential for exploitation should an attacker target it. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the ease of exploitation given access to a hashed password makes it a significant risk.
Organizations running SUSE Linux Enterprise Server for SAP 12-SP5 and SUSE Manager Server 4.0 with versions of cryptctl prior to 2.4 are at risk. This includes environments that rely heavily on encryption for data protection and those with legacy systems that may be difficult to upgrade quickly. Shared hosting environments using these platforms are also particularly vulnerable.
• linux / server: journalctl -u cryptctl | grep -i "authentication success"
• linux / server: ps aux | grep cryptctl
• linux / server: find / -name 'cryptctl' -type f
Exploit status:
EPSS: 0.33% (percentile 56%)
CVSS vector:
The primary mitigation for CVE-2019-18906 is to upgrade cryptctl to version 2.4 or later. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing stricter password policies to minimize the risk of attackers obtaining valid hashed passwords. While a direct workaround is not available, reviewing and auditing access controls to encrypted data can help detect and prevent unauthorized access. After upgrading, confirm the fix by attempting authentication with a known hashed password and verifying that it is rejected.
Update the cryptctl package to version 2.4 or later. This fixes the improper authentication vulnerability that allows attackers to use the hashed password without having to crack it.
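One way to confirm that the upgrade actually landed on a host is to compare the installed package version against the fixed version 2.4 from the advisory. The script below is an added example, not SUSE's tooling or part of the advisory; it assumes an RPM-based SUSE system where the package is named cryptctl (the name used on this page) and that GNU coreutils `sort -V` is available for version ordering. The comparison function takes the version string as an argument so it can also be applied to inventory data exported from a fleet.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): report whether the installed
# cryptctl package is at or above the fixed version 2.4 for CVE-2019-18906.
# Assumptions: RPM-based SUSE host, package name "cryptctl", GNU sort -V.

FIXED_VERSION="2.4"

# Returns 0 when the version string in $1 is >= 2.4, 1 otherwise.
# Uses version-aware sorting so that 2.10 is correctly treated as newer than 2.4.
cryptctl_is_fixed() {
    ver="$1"
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# Prints the installed cryptctl version (VERSION tag only, no release suffix).
# Returns 1 if the package is not installed.
installed_cryptctl_version() {
    rpm -q cryptctl >/dev/null 2>&1 || return 1
    rpm -q --qf '%{VERSION}' cryptctl
}

# Top-level report; only meaningful on a host with rpm available.
if command -v rpm >/dev/null 2>&1; then
    if v=$(installed_cryptctl_version); then
        if cryptctl_is_fixed "$v"; then
            echo "cryptctl $v: fixed (>= $FIXED_VERSION)"
        else
            echo "cryptctl $v: VULNERABLE to CVE-2019-18906, upgrade to $FIXED_VERSION or later"
        fi
    else
        echo "cryptctl: package not installed on this host"
    fi
fi
```

Run it as a normal user on each SLES for SAP 12-SP5 or SUSE Manager Server 4.0 host; a non-zero result from `cryptctl_is_fixed` means the host still needs the update from the advisory.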
CVE-2019-18906 is a critical vulnerability in the cryptctl component of SUSE Linux Enterprise Server for SAP and SUSE Manager Server, allowing attackers with hashed passwords to bypass authentication.
You are affected if you are running SUSE Linux Enterprise Server for SAP 12-SP5 or SUSE Manager Server 4.0 with cryptctl versions prior to 2.4.
Upgrade cryptctl to version 2.4 or later to resolve the vulnerability. Review and strengthen password policies as a preventative measure.
While no active campaigns have been definitively linked, the CRITICAL severity suggests a high potential for exploitation if the vulnerability is discovered.
Refer to the SUSE Security Advisory for detailed information and mitigation steps: https://www.suse.com/security/cve/CVE-2019-18906/