A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-10T14:00:00Z

Updated: 2024-09-17T01:45:51.875Z

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1129

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-10T14:29:00.417

Modified: 2024-11-21T03:59:15.087

Link: CVE-2018-1129

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-07-09T12:00:00Z

Links: CVE-2018-1129 - Bugzilla