Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2001-1467
Last Modified: 05 Sep 2008 04:26:38
Published: 11 Apr 2001 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2001-1467

Summary

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.

Vulnerable Systems

Application

  • Don Libes Expect 5.2.8


References

CERT-VN - VU#527736

XF - mkpasswd-weak-passwords(6382)

BID - 2632

SECTRACK - 1001303

BUGTRAQ - 20010412 Re: flaw in RH ``mkpasswd'' command (importance of seeds & algorithms)

BUGTRAQ - 20010411 flaw in RH ``mkpasswd'' command


Last Updated: 27 May 2016 10:36:40