mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
References
Configurations
History
20 Nov 2024, 23:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2001-04/0173.html - | |
References | () http://archives.neohapsis.com/archives/bugtraq/2001-04/0192.html - | |
References | () http://securitytracker.com/id?1001303 - | |
References | () http://www.kb.cert.org/vuls/id/527736 - US Government Resource | |
References | () http://www.securityfocus.com/bid/2632 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/6382 - |
Information
Published : 2001-04-11 04:00
Updated : 2024-11-20 23:37
NVD link : CVE-2001-1467
Mitre link : CVE-2001-1467
CVE.ORG link : CVE-2001-1467
JSON object : View
Products Affected
don_libes
- expect
CWE