ID CVE-2001-1436
Summary Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password. New version DS1963S corrects problem.
References
Vulnerable Configurations
  • cpe:2.3:h:dallas_semiconductor:ibutton:ds1991:*:*:*:*:*:*:*
    cpe:2.3:h:dallas_semiconductor:ibutton:ds1991:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
atstake A011801-1
cert-vn VU#178560
xf ibutton-ds1991-dictionary(10625)
Last major update 11-07-2017 - 01:29
Published 18-01-2001 - 05:00
Back to Top