CVE-2021-3979
EUVD-2021-2718125.08.2022, 20:15
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | ceph_storage | 3.0 |
| redhat | ceph_storage | 4.3 |
| redhat | ceph_storage | 5.1 |
| redhat | openshift_container_storage | 4.0 |
| redhat | openshift_data_foundation | 4.0 |
| redhat | openstack_platform | 13.0 |
| redhat | ceph_storage_for_ibm_z_systems | 4.0 |
| redhat | ceph_storage | 4.0 |
| redhat | ceph_storage | 5.0 |
| redhat | ceph_storage_for_power | 4.0 |
| redhat | ceph_storage | 4.0 |
| redhat | ceph_storage | 5.0 |
| redhat | ceph_storage_for_power | 4.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-327 - Use of a Broken or Risky Cryptographic AlgorithmThe use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
References