1. CVE-Search
  2. CVE-2004-2394
ID CVE-2004-2394
Summary Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
References
Vulnerable Configurations
  • cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*
CVSS
Base: 2.1 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 10370
confirm http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060
mandrake MDKSA-2004:045
xf passwd-stdin-offbyone-bo(16178)
Last major update 11-07-2017 - 01:31
Published 31-12-2004 - 05:00
Last modified 11-07-2017 - 01:31
Back to Top