Authentication Bypass by Capture-replay in bareos - CVE-2020-4042
Published: July 10, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34159
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-4042
CWE-ID: CWE-294
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
bareos
bareos
Software vendor:
bareos
bareos
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.
Remediation
Install update from vendor's website.