CVE-2017-1000406

EUVD-2022-2423
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
opendaylightkaraf
0.6.1-carbon
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2017/q4/320
https://git.opendaylight.org/gerrit/#/q/topic:AAA-151
https://jira.opendaylight.org/browse/AAA-151
http://seclists.org/oss-sec/2017/q4/320
https://git.opendaylight.org/gerrit/#/q/topic:AAA-151
https://jira.opendaylight.org/browse/AAA-151