Vulnerability Description
A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Cryptctl | < 2.4 |
| Suse | Linux Enterprise Server | 12 |
| Suse | Manager Server | 4.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1186226Issue TrackingVendor Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1186226Issue TrackingVendor Advisory
FAQ
What is CVE-2019-18906?
CVE-2019-18906 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having...
How severe is CVE-2019-18906?
CVE-2019-18906 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-18906?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Cryptctl, Suse Linux Enterprise Server, Suse Manager Server.