CVE-2017-1000406

Published: Nov 30, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.opendaylight.org/gerrit/#/q/topic:AAA-151

x_refsource_CONFIRM

https://jira.opendaylight.org/browse/AAA-151

x_refsource_CONFIRM

[oss-security] 20171123 OpenDayLight: Password change doesn't result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-1000406

Description

Affected Products

References