CVE-2017-1000406

CVE-2017-1000406

EPSS 1.1%

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/oss-sec/2017/q4/320 https://git.opendaylight.org/gerrit/#/q/topic:AAA-151 https://jira.opendaylight.org/browse/AAA-151