OpenAFS Sensitive Information Disclosure Vulnerabilities
The information has been provided by John Stumpo.
* OpenAFS before 1.6.15 and 1.7.x before 1.7.33
* OpenAFS after 1.6.15 and 1.7.x after 1.7.33
OpenAFS is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain portions of the plaintext of arbitrary encrypted packets by replaying them against the original recipient and observing the responding ACK packet. This may aid in further attacks.
Original release date: 11/06/2015
Last revised: 11/09/2015