Bareos before version 19.2.8 Authentication Bypass by Capture-replay Vulnerability

Summary

Bareos allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client-initiated connections and connects to the client itself.

Credit:

The information has been provided by Pasi Saarinen.

The original article can be found at: https://bugs.bareos.org/view.php?id=1250


Details

Bareos before version 19.2.8 allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client-initiated connections and connects to the client itself. The malicious client can replay the Bareos director's CRAM-MD5 challenge to the director itself, which leads the director to respond to the replayed challenge. The response obtained is then a valid reply to the director's original challenge. This is fixed in version 19.2.8.
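
The reflection described above, as an added example that is not Bareos code and does not reproduce its wire protocol or the 19.2.8 fix: a simplified in-process model of a peer that both issues and answers CRAM-MD5 style challenges with one shared secret, next to a hardened variant. The class and function names, the constructed secret and the "refuse to answer your own outstanding challenge" mitigation are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-shared-secret"  # constructed sample value, not a real credential

def cram_md5(secret: bytes, challenge: bytes) -> bytes:
    """CRAM-MD5 style response: HMAC-MD5 of the challenge under the shared secret."""
    return hmac.new(secret, challenge, hashlib.md5).digest()

class ToyDirector:
    """Simplified peer that issues challenges and also answers them with the same secret."""

    def __init__(self, secret: bytes, reject_own_challenges: bool = False):
        self.secret = secret
        self.reject_own_challenges = reject_own_challenges
        self.outstanding = set()  # challenges issued by us and not yet verified

    def issue_challenge(self) -> bytes:
        challenge = os.urandom(16)
        self.outstanding.add(challenge)
        return challenge

    def answer_challenge(self, challenge: bytes) -> bytes:
        # Hardened mode: a challenge we issued ourselves must never be answered by us.
        if self.reject_own_challenges and challenge in self.outstanding:
            raise PermissionError("reflected challenge rejected")
        return cram_md5(self.secret, challenge)

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)  # each challenge is single use
        return hmac.compare_digest(response, cram_md5(self.secret, challenge))

def reflection_accepted(director: ToyDirector) -> bool:
    """Peer holding no secret: the director's own challenge is fed back on a second session."""
    challenge = director.issue_challenge()  # session A: director connects to the client
    try:
        reflected = director.answer_challenge(challenge)  # session B: client-initiated
    except PermissionError:
        return False
    return director.verify(challenge, reflected)  # response handed back on session A

def honest_client_accepted(director: ToyDirector, secret: bytes) -> bool:
    """Client that knows the secret computes the response itself."""
    challenge = director.issue_challenge()
    return director.verify(challenge, cram_md5(secret, challenge))
```

In the unhardened model the director verifies a response it computed itself, which is why the precondition in the advisory is that both connection directions are enabled for the same client.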

Vulnerable Systems:

Bareos before version 19.2.8

CVE Information:

CVE-2020-4042

Disclosure Timeline:
Published Date: 7/10/2020