Lucene search

[email protected]CVE-2001-1467

HistoryApr 21, 2005 - 4:00 a.m.

CVE-2001-1467

2005-04-2104:00:00

[email protected]

web.nvd.nist.gov

cve

expect

mkpasswd

rng

brute force

password

attack

redhat

linux

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.4%

JSON

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.

Affected configurations

NVD

Node

don_libesexpectMatch5.2.8

CPENameOperatorVersion
don_libes:expectdon libes expecteq5.2.8

CPE	Name	Operator	Version
don_libes:expect	don libes expect	eq	5.2.8

References

archives.neohapsis.com/archives/bugtraq/2001-04/0173.html

archives.neohapsis.com/archives/bugtraq/2001-04/0192.html

securitytracker.com/id?1001303

www.kb.cert.org/vuls/id/527736

www.securityfocus.com/bid/2632

exchange.xforce.ibmcloud.com/vulnerabilities/6382

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for CVE-2001-1467

nvd1 cvelist1 debiancve1