Vulnerability Database

319,560

Total vulnerabilities in the database

CVE-2020-4042

Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.

Published: Jul 10, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-4042
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-294

Affected Software
References

Software	From	Fixed in
bareos / bareos	19.2.8-pre	19.2.8-pre.x
bareos / bareos	-	19.2.7.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo