OSA-2019-026: AAF Secret Management Service allows to access all stored data
AAF: before Dublin
Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP AAF. By accessing port 30243, an unauthenticated attacker gains full access to the Secret Management Service and all stored data. All ONAP OOM setups are affected.
Above patch should be considered only as a temporary walkaround as it only prevents SMS from being exposed instead of fixing the issues.
Jakub Botwicz from Samsung
Wojciech Rauner from Samsung
Łukasz Wrochna from Samsung
Radosław Żeszczuk from Samsung