CVE Vulnerabilities

CVE-2013-7239

Improper Authentication

Published: Jan 13, 2014 | Modified: Mar 25, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.8 MEDIUM
AV:A/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
4.8 MODERATE
AV:A/AC:L/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Memcached Memcached * 1.4.16 (including)
Memcached Memcached 1.4.0 (including) 1.4.0 (including)
Memcached Memcached 1.4.1 (including) 1.4.1 (including)
Memcached Memcached 1.4.2 (including) 1.4.2 (including)
Memcached Memcached 1.4.3 (including) 1.4.3 (including)
Memcached Memcached 1.4.4 (including) 1.4.4 (including)
Memcached Memcached 1.4.5 (including) 1.4.5 (including)
Memcached Memcached 1.4.6 (including) 1.4.6 (including)
Memcached Memcached 1.4.7 (including) 1.4.7 (including)
Memcached Memcached 1.4.8 (including) 1.4.8 (including)
Memcached Memcached 1.4.9 (including) 1.4.9 (including)
Memcached Memcached 1.4.10 (including) 1.4.10 (including)
Memcached Memcached 1.4.11 (including) 1.4.11 (including)
Memcached Memcached 1.4.12 (including) 1.4.12 (including)
Memcached Memcached 1.4.13 (including) 1.4.13 (including)
Memcached Memcached 1.4.14 (including) 1.4.14 (including)
Memcached Memcached 1.4.15 (including) 1.4.15 (including)
Memcached Ubuntu devel *
Memcached Ubuntu lucid *
Memcached Ubuntu quantal *
Memcached Ubuntu raring *
Memcached Ubuntu saucy *
Memcached Ubuntu upstream *

Potential Mitigations

References