Vulnerability Details : CVE-2020-4042
Bareos versions up to and including the pre-releases of 19.2.8 allow a malicious client to communicate with the director without knowledge of the shared secret when the director both allows client-initiated connections and itself connects to the client. The malicious client can replay the Bareos director's CRAM-MD5 challenge back to the director, which then answers the replayed challenge; the response obtained is a valid reply to the director's original challenge. This is fixed in version 19.2.8.
Products affected by CVE-2020-4042
- cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*
- cpe:2.3:a:bareos:bareos:19.2.8:pre:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-4042
0.09% (probability of exploitation activity in the next 30 days)
EPSS Score History
~38% percentile (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2020-4042
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
6.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N | 2.2 | 4.0 | NIST | |
6.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N | 2.2 | 4.0 | GitHub, Inc. | |
CWE ids for CVE-2020-4042
- A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
References for CVE-2020-4042
- https://bugs.bareos.org/view.php?id=1250 (0001250: Authentication bypass in Director when allowing client and director initiated connections - Bareos Bug Tracker) [Vendor Advisory]
- https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752 (Authentication bypass in director when allowing client and director initiated connections · Advisory · bareos/bareos · GitHub) [Mitigation; Third Party Advisory]