Cryptographic Weakness in SUSE Lifecycle Management Server by SUSE
CVE-2013-3710

Currently unrated

Key Information:

Vendor: Novell
Status: Suse Lifecycle Management Server
Vendor: CVE Published:; 10 December 2013

Summary

SUSE Lifecycle Management Server (SLMS) prior to version 1.3.7 suffers from a cryptographic vulnerability that results from the service failing to generate a new secret key at startup. This flaw enables remote attackers to exploit knowledge of previously used keys obtained from other installations, thereby bypassing intended cryptographic protections.

References

https://www.suse.com/support/update/announcement/2013/sus...

vendor-advisoryx_refsource_SUSE

https://bugzilla.novell.com/show_bug.cgi?id=852101

x_refsource_CONFIRM

http://osvdb.org/100653

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Dec 10, 2013
Vulnerability Reserved
May 30, 2013