CVE-2013-4134
openafs - several
EPSS 0.15%
Description
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
How to fix CVE-2013-4134
To remediate CVE-2013-4134, upgrade the affected package to a fixed version below.
- Debian/openafs—upgrade to 1.6.5-1 or later
- Debian/openafs—upgrade to 1.4.12.1+dfsg-4+squeeze2 or later
Is CVE-2013-4134 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.6.5-1
- from 0, < 1.4.12.1+dfsg-4+squeeze2