The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openafs | Openafs | 1.6.0 | 1.6.0 |
Openafs | Openafs | 1.6.4 | 1.6.4 |
Openafs | Openafs | 1.6.1 | 1.6.1 |
Openafs | Openafs | 1.6.3 | 1.6.3 |
Openafs | Openafs | 1.6.2 | 1.6.2 |
Openafs | Openafs | 1.6.2.1 | 1.6.2.1 |