
CVE-2019-18906 – cryptctl: client side password hashing is equivalent to clear text password storage
https://notcve.org/view.php?id=CVE-2019-18906
30 Jun 2021 — An Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4. • https://bugzilla.suse.com/show_bug.cgi?id=1186226 • CWE-287: Improper Authentication

CVE-2017-9270 – post-auth arbitrary file write on cryptctl server
https://notcve.org/view.php?id=CVE-2017-9270
01 Mar 2018 — In cryptctl before version 2.0, a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. • https://bugzilla.suse.com/show_bug.cgi?id=1041963 • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')