Unrated severityNVD Advisory· Published Jul 10, 2020· Updated Aug 4, 2024
Authentication bypass in Bareos
CVE-2020-4042
Description
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- bugs.bareos.org/view.phpmitrex_refsource_MISC
- github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.