Bug #24836
Updated by Ken Dreyer 2 months ago
The cephx authorizer does not have any challenge or nonce, and thus (if sniffed) can be reused by another session. Fixes are in place: master: f80b848d3f830eb6dba50123e04385173fa4540b 5ead97120e07054d80623dada90a5cc764c28468 mimic: 4cbd72f11ecda4c28d1bf47328a4f8672295870a luminous: 5ead97120e07054d80623dada90a5cc764c28468 jewel: 26816cd80ae245d351d5ce34d8af434fbc798602 CVE-2018-1128