Lumension® Endpoint Intelligence Center



Vulnerability Score 7.5
CVE Id CVE-2001-1106
Last Modified 05 Sep 2008 04:25:42
Published 25 Jul 2001 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

Vulnerable Systems


  • Sambar Server 4.1

  • Sambar Server 4.2.1 Production

  • Sambar Server 4.3

  • Sambar Server 4.4

  • Sambar Server 5.0


BID - 3095

XF - sambar-insecure-passwords(6909)

BUGTRAQ - 20010725 Sambar Server password decryption

Last Updated: 27 May 2016 10:36:31