Many exploits rely on unauthenticated Rx packets. Force -rxk5 on your fileserver processes. In /etc/openafs/server/ThisCell :

The OpenAFS community is small but dedicated. As of 2025, efforts are underway to rewrite the Rx protocol in memory-safe Rust (the "AuroraAFS" project). However, production cells will run legacy C code for another decade. Until then, the afs3-fileserver will remain a high-value target.

The AFS3 file server exploit has significant consequences for organizations that rely on AFS3 for file sharing and management. Some of the potential impacts include: