CVE-2001-1354

Sažetak

NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.

Reference

http://online.securityfocus.com/archive/1/198293
http://www.securityfocus.com/bid/3075
https://exchange.xforce.ibmcloud.com/vulnerabilities/6866

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-12-2017 - 02:29

Objavljeno

20-07-2001 - 04:00