Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2014-0083
Vulnerability from gsd - Updated: 2014-02-13 00:00Details
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-0083",
"description": "The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.",
"id": "GSD-2014-0083",
"references": [
"https://www.suse.com/security/cve/CVE-2014-0083.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "net-ldap",
"purl": "pkg:gem/net-ldap"
}
}
],
"aliases": [
"CVE-2014-0083",
"OSVDB-106108"
],
"details": "The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.",
"id": "GSD-2014-0083",
"modified": "2014-02-13T00:00:00.000Z",
"published": "2014-02-13T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0083"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 1.9,
"type": "CVSS_V2"
}
],
"summary": "CVE-2014-0083 rubygem-net-ldap: SSHA passwords generated by the net-ldap Ruby gem use a weak salt"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ruby-net-ldap",
"version": {
"version_data": [
{
"version_value": "0.16.2"
}
]
}
}
]
},
"vendor_name": "ruby-net-ldap"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2014-0083",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0083"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083"
},
{
"name": "https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a",
"refsource": "CONFIRM",
"url": "https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-0083",
"cvss_v2": 1.9,
"date": "2014-02-13",
"description": "The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.",
"gem": "net-ldap",
"osvdb": 106108,
"patched_versions": [
"\u003e= 0.6.0"
],
"title": "CVE-2014-0083 rubygem-net-ldap: SSHA passwords generated by the net-ldap Ruby gem use a weak salt",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0083"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.16.2",
"affected_versions": "All versions before 0.16.2",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-916",
"CWE-937"
],
"date": "2019-11-25",
"description": "The Ruby net-ldap gem uses a weak salt when generating SSHA passwords.",
"fixed_versions": [
"0.16.2"
],
"identifier": "CVE-2014-0083",
"identifiers": [
"CVE-2014-0083"
],
"package_slug": "gem/net-ldap",
"pubdate": "2019-11-21",
"solution": "Update to version 0.16.2 or above",
"title": "Use of Password Hash With Insufficient Computational Effort",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-0083"
],
"uuid": "863838dc-c257-4023-b742-ff16cdcaa515"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:net-ldap_project:net-ldap:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "0.16.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0083"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-916"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2014-0083",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2014-0083"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-08-18T15:05Z",
"publishedDate": "2019-11-21T14:15Z"
}
}
}