Lucene search

MitreCVE-2006-6681

HistoryDec 21, 2006 - 7:28 p.m.

CVE-2006-6681

2006-12-2119:28:00

CWE-399

mitre

web.nvd.nist.gov

cve-2006-6681

pedro lineu orso

chetcpasswd

rate limit

client requests

remote attackers

dictionary attack

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.016

Percentile

87.3%

JSON

Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.

Affected configurations

Nvd

Node

chetcpasswdchetcpasswdMatch2.3.3

VendorProductVersionCPE
chetcpasswdchetcpasswd2.3.3cpe:2.3:a:chetcpasswd:chetcpasswd:2.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
chetcpasswd	chetcpasswd	2.3.3	cpe:2.3:a:chetcpasswd:chetcpasswd:2.3.3:::::::*

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454

marc.info/?l=bugtraq&m=116371297325564&w=2

secunia.com/advisories/22967

www.securityfocus.com/bid/21102

exchange.xforce.ibmcloud.com/vulnerabilities/30455

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.016

Percentile

87.3%

JSON

Related for CVE-2006-6681