CVE-2001-1169

keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
Configurations

Configuration 1 (hide)

cpe:2.3:o:bell_communications_research:s_key:gold:*:*:*:*:*:*:*

History

20 Nov 2024, 23:37

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2001-08/0441.html - Patch, Vendor Advisory () http://archives.neohapsis.com/archives/bugtraq/2001-08/0441.html - Patch, Vendor Advisory

Information

Published : 2001-09-02 04:00

Updated : 2024-11-20 23:37


NVD link : CVE-2001-1169

Mitre link : CVE-2001-1169

CVE.ORG link : CVE-2001-1169


JSON object : View

Products Affected

bell_communications_research

  • s_key