What is CVE-2020-25660?

CVE-2020-25660 is a high-severity vulnerability in Fedoraproject Fedora, classified under Authentication Bypass by Capture-replay. CVSS score: 8.8/10. Published 2020-11-23.

How severe is CVE-2020-25660?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Fedoraproject Fedora

CVE-2020-25660

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with acc…

EPSS: 0.010 (58.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Fedoraproject Fedora — versions 33
Redhat Ceph
Redhat Ceph_storage — versions 2.0, 4.0
Redhat Openshift_container_platform — versions 4.0
N/a Ceph — versions All ceph versions before 15.2.6 and before 14.2.14

Weakness classification (CWE)

CWE-294 — Authentication Bypass by Capture-replay

References

secalert@redhat.com (Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (x_refsource_MISC, Release Notes, Vendor Advisory)
secalert@redhat.com (x_refsource_MISC, Release Notes, Vendor Advisory)
secalert@redhat.com (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2020-25660?: CVE-2020-25660 is a high-severity vulnerability in Fedoraproject Fedora, classified under Authentication Bypass by Capture-replay. CVSS score: 8.8/10. Published 2020-11-23.
How severe is CVE-2020-25660?: High severity. CVSS v3 base score is 8.8 out of 10.