CVE-2013-4134

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

Published: Nov 5, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-4134
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
openafs / openafs	1.2.11	1.2.11.x
openafs / openafs	1.4.4	1.4.4.x
openafs / openafs	1.7.20	1.7.20.x
openafs / openafs	1.7.21	1.7.21.x
openafs / openafs	1.1.1a	1.1.1a.x
openafs / openafs	1.4.12	1.4.12.x
openafs / openafs	1.7.2	1.7.2.x
openafs / openafs	1.2.7	1.2.7.x
openafs / openafs	1.7.24	1.7.24.x
openafs / openafs	1.4.3	1.4.3.x
openafs / openafs	1.6.0	1.6.0.x
openafs / openafs	1.4.8_pre3	1.4.8_pre3.x
openafs / openafs	1.2.1	1.2.1.x
openafs / openafs	1.0	1.0.x
openafs / openafs	1.7.13	1.7.13.x
openafs / openafs	1.7.23	1.7.23.x
openafs / openafs	1.4.0	1.4.0.x
openafs / openafs	-	1.4.14.x
openafs / openafs	1.1	1.1.x
openafs / openafs	1.4.2	1.4.2.x
openafs / openafs	1.0.2	1.0.2.x
openafs / openafs	1.6.4	1.6.4.x
openafs / openafs	1.0.4	1.0.4.x
openafs / openafs	1.7.8	1.7.8.x
openafs / openafs	1.4.7_pre1	1.4.7_pre1.x
openafs / openafs	1.7.1	1.7.1.x
openafs / openafs	1.2.8	1.2.8.x
openafs / openafs	1.7.17	1.7.17.x
openafs / openafs	1.0.1	1.0.1.x
openafs / openafs	1.3.70	1.3.70.x
openafs / openafs	1.4.5	1.4.5.x
openafs / openafs	1.3.81	1.3.81.x
openafs / openafs	1.2.13	1.2.13.x
openafs / openafs	1.3.74	1.3.74.x
openafs / openafs	1.7.12	1.7.12.x
openafs / openafs	1.2.2b	1.2.2b.x
openafs / openafs	1.2.4	1.2.4.x
openafs / openafs	1.7.4	1.7.4.x
openafs / openafs	1.1.1	1.1.1.x
openafs / openafs	1.7.15	1.7.15.x
openafs / openafs	1.4.7_pre3	1.4.7_pre3.x
openafs / openafs	1.7.14	1.7.14.x
openafs / openafs	1.3.1	1.3.1.x
openafs / openafs	1.4.8_pre2	1.4.8_pre2.x
openafs / openafs	1.4.6	1.4.6.x
openafs / openafs	1.2.10	1.2.10.x
openafs / openafs	1.6.1	1.6.1.x
openafs / openafs	1.2.2	1.2.2.x
openafs / openafs	1.6.3	1.6.3.x
openafs / openafs	1.2.9	1.2.9.x
openafs / openafs	1.0.3	1.0.3.x
openafs / openafs	1.7.18	1.7.18.x
openafs / openafs	1.3	1.3.x
openafs / openafs	1.7.3	1.7.3.x
openafs / openafs	1.4.7_pre2	1.4.7_pre2.x
openafs / openafs	1.4.7_pre5	1.4.7_pre5.x
openafs / openafs	1.4.7	1.4.7.x
openafs / openafs	1.6.2	1.6.2.x
openafs / openafs	1.3.5	1.3.5.x
openafs / openafs	1.2.5	1.2.5.x
openafs / openafs	1.6.2.1	1.6.2.1.x
openafs / openafs	1.7.19	1.7.19.x
openafs / openafs	1.7.25	1.7.25.x
openafs / openafs	1.7.22	1.7.22.x
openafs / openafs	1.4.8	1.4.8.x
openafs / openafs	1.4.1	1.4.1.x
openafs / openafs	1.2.3	1.2.3.x
openafs / openafs	1.4	1.4.x
openafs / openafs	1.7.10	1.7.10.x
openafs / openafs	1.7.11	1.7.11.x
openafs / openafs	1.2.6	1.2.6.x
openafs / openafs	1.7.16	1.7.16.x
openafs / openafs	1.4.8_pre1	1.4.8_pre1.x
openafs / openafs	1.1.0	1.1.0.x
openafs / openafs	1.3.77	1.3.77.x
openafs / openafs	1.0.4a	1.0.4a.x
openafs / openafs	1.2	1.2.x
openafs / openafs	1.4.7_pre4	1.4.7_pre4.x
openafs / openafs	1.3.2	1.3.2.x
openafs / openafs	1.2.2a	1.2.2a.x
debian / debian_linux	7.0	7.0.x

Vulnerability Database

289,784

CVE-2013-4134