An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NOpendaylight Authentication\, Authorization And Accounting
APPOpendaylightβ€ 0.19.3
Related vulnerabilities
OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result...
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 ...
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (...
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi conta...
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to...