CVE-2019-18906

CRITICAL

SUSE Linux Enterprise Server for SAP <12-SP5 - Improper Authentication

Title source: llm

Description

A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.

References (1)

[Issue Tracking, Vendor Advisory] https://bugzilla.suse.com/show_bug.cgi?id=1186226

Scores

CVSS v3 9.8

EPSS 0.0033

EPSS Percentile 55.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status published

Affected Products (1)

opensuse/cryptctl < 2.4

Timeline

Published Jun 30, 2021

Tracked Since Feb 18, 2026