Home  >  CVE-2014-9251
CVE Details for CVE: CVE-2014-9251
Summary
Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413.
Timestamps
Last major update 21-03-2016 - 16:31
Published 15-12-2014 - 18:59
Last modified 21-03-2016 - 16:31
References
Vulnerable Configurations
  • cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_1:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_1:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:*:beta_3:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:*:beta_3:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_2:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_2:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
CWE-255
CVSS
Base
5.0
Impact
2.9
Exploitability
10.0
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
CVSS3
None
VIA4 references
cvss-vector via4
AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
cert-vn VU#449452
confirm https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing
statements via4
contributor Zenoss
lastmodified 2016-03-21
organization Zenoss
statement Addressed in 5.1.1