CVE: CVE-2001-1467 - CVE-Search

CVE Details for CVE: CVE-2001-1467

Summary

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.

Timestamps
Last major update	11-07-2017 - 01:29
Published	11-04-2001 - 04:00
Last modified	11-07-2017 - 01:29

References

Vulnerable Configurations

cpe:2.3:a:don_libes:expect:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:don_libes:expect:5.2.8:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

7.5

Impact

6.4

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	2632
bugtraq	20010411 flaw in RH ``mkpasswd'' command 20010412 Re: flaw in RH ``mkpasswd'' command (importance of seeds & algorithms)
cert-vn	VU#527736
sectrack	1001303
xf	mkpasswd-weak-passwords(6382)