CVE-2017-1000406

NONE EPSS 61.4%
Published Nov 30, 20178y ago · Modified Jun 17, 20262w ago
Find Similar
Published Nov 30, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).

Threat Intelligence

EPSS Exploit Probability
61.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-254

Affected Products 1

VendorProductVersionRange
opendaylightkaraf0.6.1-carbonany

References 3

  • seclists.org http://seclists.org/oss-sec/2017/q4/320
    Mailing ListThird Party Advisory
  • git.opendaylight.org https://git.opendaylight.org/gerrit/#/q/topic:AAA-151
    Vendor Advisory
  • jira.opendaylight.org https://jira.opendaylight.org/browse/AAA-151
    Issue TrackingVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.