CVE-2017-1000406

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
opendaylightkaraf
0.6.1-carbon
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2017/q4/320
https://git.opendaylight.org/gerrit/#/q/topic:AAA-151
https://jira.opendaylight.org/browse/AAA-151
http://seclists.org/oss-sec/2017/q4/320
https://git.opendaylight.org/gerrit/#/q/topic:AAA-151
https://jira.opendaylight.org/browse/AAA-151