ID CVE-2013-7041
Summary The pam_userdb module for PAM uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
References
Vulnerable Configurations
  • cpe:2.3:a:cristian_gafton:pam_userdb:-:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 03-12-2016 - 03:00)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bid 64180
confirm
gentoo GLSA-201605-05
mlist
  • [oss-security] 20141209 CVE request: pam: password hashes aren't compared case-sensitively
  • [oss-security] 20141209 Re: CVE request: pam: password hashes aren't compared case-sensitively
ubuntu
  • USN-2935-1
  • USN-2935-2
  • USN-2935-3
Last major update 03-12-2016 - 03:00
Published 08-05-2014 - 14:29
Last modified 03-12-2016 - 03:00