Lucene search

[email protected]CVE-1999-1073

HistoryNov 30, 1998 - 5:00 a.m.

CVE-1999-1073

1998-11-3005:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-1999-1073

excite for web servers

ews 1.1

encrypted password

brute force attack.

7.3 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack.

CPENameOperatorVersion
excite:ewsexcite ewseq1.1

CPE	Name	Operator	Version
excite:ews	excite ews	eq	1.1

References

marc.info/?l=bugtraq&m=91248445931140&w=2

7.3 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON