Password Comparison Flaw in Icinga Product by Icinga
CVE-2018-6535

8.1HIGH

Key Information:

Vendor: Icinga
Status: Icinga
Vendor: CVE Published:; 27 February 2018

What is CVE-2018-6535?

Icinga 2.x versions up to 2.8.1 are susceptible to a vulnerability due to the absence of a constant-time password comparison function. This deficiency can allow malicious actors to exploit the vulnerability and potentially disclose user passwords, compromising the security of the application. This issue emphasizes the importance of implementing secure coding practices to mitigate risks associated with password handling.

References

https://github.com/Icinga/icinga2/pull/5715

x_refsource_CONFIRM

https://github.com/Icinga/icinga2/issues/4920

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2018
Vulnerability Reserved
Feb 2, 2018

CVE-2018-6535 Data

JSON