Hash Collisions in Apache CloudStack and Citrix CloudPlatform
CVE-2013-2758

Currently unrated

Key Information:

Vendor: Apache
Status: Cloudstack; Cloudplatform
Vendor: CVE Published:; 23 May 2014

Summary

A vulnerability exists in Apache CloudStack versions before 4.0.2 and Citrix CloudPlatform versions before 3.0.6 Patch C, where a predictable hash sequence allows remote attackers to exploit console access URLs. This predictability can lead to unauthorized access through brute force attempts, posing significant security risks for the affected systems.

References

http://osvdb.org/92749

vdb-entryx_refsource_OSVDB

http://support.citrix.com/article/CTX135815

x_refsource_CONFIRM

http://mail-archives.apache.org/mod_mbox/cloudstack-dev/2...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
May 23, 2014
Vulnerability Reserved
Apr 3, 2013