ID CVE-2013-6445
Summary Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_mrg:2.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-07-2014 - 18:50)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2014:0440
  • rhsa
    id RHSA-2014:0441
rpms
  • condor-0:7.8.10-0.1.el6
  • condor-aviary-0:7.8.10-0.1.el6
  • condor-classads-0:7.8.10-0.1.el6
  • condor-cluster-resource-agent-0:7.8.10-0.1.el6
  • condor-debuginfo-0:7.8.10-0.1.el6
  • condor-deltacloud-gahp-0:7.8.10-0.1.el6
  • condor-kbdd-0:7.8.10-0.1.el6
  • condor-plumage-0:7.8.10-0.1.el6
  • condor-qmf-0:7.8.10-0.1.el6
  • condor-vm-gahp-0:7.8.10-0.1.el6
  • cumin-0:0.1.5797-1.el6
  • mongodb-0:1.6.4-7.el6
  • mongodb-debuginfo-0:1.6.4-7.el6
  • mongodb-server-0:1.6.4-7.el6
  • mrg-release-0:2.5.0-1.el6
  • cumin-0:0.1.5796-2.el5_9
  • mrg-release-0:2.5.0-1.el5
refmap via4
sectrack 1030158
Last major update 18-07-2014 - 18:50
Published 30-04-2014 - 14:22
Last modified 18-07-2014 - 18:50