Replay Attack Vulnerability in Ceph Client Authentication Protocol by Ceph
CVE-2018-1128
7.5 HIGH
What is CVE-2018-1128?
The cephx authentication protocol in Ceph does not adequately verify ceph clients. An attacker with access to the ceph cluster network can capture packets, intercept authentication requests, and replay them. This lets the attacker impersonate legitimate ceph clients, potentially gaining unauthorized access to ceph services and carrying out actions permitted within the environment. The flaw affects the master, mimic, luminous, and jewel branches.
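The following added example is not Ceph code and does not reproduce the cephx message format. It is a simplified model of the flaw class described above: a service that accepts a captured authenticator a second time, next to one that binds the authenticator to a fresh per-connection challenge. The key, the client name `client.demo`, the connection ids and all class and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # constructed sample secret, not a real Ceph key


def authenticator(key, client, challenge=b""):
    # MAC over the client name and, when present, a server challenge
    return hmac.new(key, client.encode() + b"|" + challenge, hashlib.sha256).digest()


class NaiveService:
    # Accepts any message whose MAC verifies, so a captured copy stays valid
    def __init__(self, key):
        self.key = key

    def accept(self, client, mac):
        return hmac.compare_digest(mac, authenticator(self.key, client))


class ChallengeService:
    # Issues a fresh random challenge per connection and consumes it on use
    def __init__(self, key):
        self.key = key
        self.pending = {}

    def new_challenge(self, conn_id):
        self.pending[conn_id] = os.urandom(16)
        return self.pending[conn_id]

    def accept(self, conn_id, client, mac):
        challenge = self.pending.pop(conn_id, None)  # single use
        if challenge is None:
            return False
        return hmac.compare_digest(mac, authenticator(self.key, client, challenge))


def demo():
    captured = ("client.demo", authenticator(KEY, "client.demo"))
    naive = NaiveService(KEY)
    first, replayed = naive.accept(*captured), naive.accept(*captured)
    svc = ChallengeService(KEY)
    mac = authenticator(KEY, "client.demo", svc.new_challenge("conn-1"))
    legit = svc.accept("conn-1", "client.demo", mac)
    svc.new_challenge("conn-2")  # the captured MAC is resent on a new connection
    replay_ok = svc.accept("conn-2", "client.demo", mac)
    return first, replayed, legit, replay_ok
```

`demo()` returns the four outcomes in order: the naive service accepts both the original and the replayed message, while the challenge-based service accepts the original and rejects the replay.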
Affected Version(s)
ceph: all versions in branches master, mimic, luminous and jewel