Lucene search
MitreCVE-2001-1106HistoryApr 02, 2003 - 5:00 a.m.
CVE-2001-1106
2003-04-0205:00:00
mitre
web.nvd.nist.gov
29
sambar server
symmetric encryption
password security
user passwords
nvd
cve-2001-1106
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
Low
EPSS
0.004
Percentile
72.2%
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
Affected configurations
Node
sambarsambar_serverMatch4.1
ORsambarsambar_serverMatch4.2.1_production
ORsambarsambar_serverMatch4.3
ORsambarsambar_serverMatch4.4
ORsambarsambar_serverMatch5.0beta1
ORsambarsambar_serverMatch5.0beta2
ORsambarsambar_serverMatch5.0beta3
ORsambarsambar_serverMatch5.0beta4
ORsambarsambar_serverMatch5.0beta5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sambar | sambar_server | 4.1 | cpe:2.3:a:sambar:sambar_server:4.1:*:*:*:*:*:*:* |
| sambar | sambar_server | 4.2.1_production | cpe:2.3:a:sambar:sambar_server:4.2.1_production:*:*:*:*:*:*:* |
| sambar | sambar_server | 4.3 | cpe:2.3:a:sambar:sambar_server:4.3:*:*:*:*:*:*:* |
| sambar | sambar_server | 4.4 | cpe:2.3:a:sambar:sambar_server:4.4:*:*:*:*:*:*:* |
| sambar | sambar_server | 5.0 | cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:* |
| sambar | sambar_server | 5.0 | cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:* |
| sambar | sambar_server | 5.0 | cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:* |
| sambar | sambar_server | 5.0 | cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:* |
| sambar | sambar_server | 5.0 | cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:* |
Related
exploitdb
exploitdb
Sambar Server 4.x/5.0 - Insecure Default Password Protection
2001-07-25 00:00:00
nvd
nvd
CVE-2001-1106
2001-07-25 04:00:00
cvelist
cvelist
CVE-2001-1106
2003-04-02 05:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
Low
EPSS
0.004
Percentile
72.2%
Related for CVE-2001-1106