CVE-2006-1378

Sažetak

PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack.

Reference

http://securityreason.com/securityalert/618
http://www.securityfocus.com/archive/1/428552/100/0/threaded
http://www.securityfocus.com/archive/1/445509/100/0/threaded
http://www.securityfocus.com/bid/17200
https://exchange.xforce.ibmcloud.com/vulnerabilities/25429

CVSS

Base:	4.9
Impact:	6.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

18-10-2018 - 16:32

Objavljeno

24-03-2006 - 02:02