CVE-2019-18906 — Vulnetix

CVE-2019-18906 PUBLISHED CVSS 9.800000190734863 CRITICAL

A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.

EPSS 0.33% · 56.1th percentile

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.33%

56.1th percentile

Affected Products

Vendor	Product	Versions
SUSE	SUSE Manager Server 4.0	cryptctl
SUSE	SUSE Linux Enterprise Server for SAP 12-SP5	cryptctl
opensuse	cryptctl	0, 0

Exploit Intelligence

https://bugzilla.suse.com/show_bug.cgi?id=1186226 (circl)

Timeline

Jun 24, 2021 CVE Published
Jun 30, 2021 EPSS Score
Aug 29, 2021 EPSS Score
Oct 28, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 26, 2022 EPSS Score
Apr 27, 2022 EPSS Score
Jun 26, 2022 EPSS Score
Aug 26, 2022 EPSS Score
Oct 25, 2022 EPSS Score
Dec 24, 2022 EPSS Score
Feb 22, 2023 EPSS Score

References

Open in Interactive Console →