Lucene search

[email protected]CVE-2011-4432

HistoryNov 10, 2011 - 12:55 a.m.

CVE-2011-4432

2011-11-1000:55:00

CWE-310

[email protected]

web.nvd.nist.gov

cve-2011-4432

merethis centreon

password hash

security

vulnerability

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.7%

JSON

www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.

Affected configurations

NVD

Node

merethiscentreonRange≤2.3.1

merethiscentreonMatch1.4

merethiscentreonMatch1.4.1

merethiscentreonMatch1.4.2

merethiscentreonMatch1.4.2.1

merethiscentreonMatch1.4.2.2

merethiscentreonMatch1.4.2.3

merethiscentreonMatch1.4.2.4

merethiscentreonMatch1.4.2.5

merethiscentreonMatch1.4.2.6

merethiscentreonMatch1.4.2.7

merethiscentreonMatch2.0b2

merethiscentreonMatch2.0b3

merethiscentreonMatch2.0b4

merethiscentreonMatch2.0b5

merethiscentreonMatch2.0b6

merethiscentreonMatch2.0rc1

merethiscentreonMatch2.0rc2

merethiscentreonMatch2.0rc3

merethiscentreonMatch2.0rc4

merethiscentreonMatch2.0rc5

merethiscentreonMatch2.0.1

merethiscentreonMatch2.0.2

merethiscentreonMatch2.1.0

merethiscentreonMatch2.1.1

merethiscentreonMatch2.1.2

merethiscentreonMatch2.1.3

merethiscentreonMatch2.1.4

merethiscentreonMatch2.1.5

merethiscentreonMatch2.1.6

merethiscentreonMatch2.1.7

merethiscentreonMatch2.1.8

merethiscentreonMatch2.1.9

merethiscentreonMatch2.1.10

merethiscentreonMatch2.1.11

merethiscentreonMatch2.1.12

merethiscentreonMatch2.1.13

merethiscentreonMatch2.2

merethiscentreonMatch2.2b1

merethiscentreonMatch2.2rc1

merethiscentreonMatch2.2rc2

merethiscentreonMatch2.2.1

merethiscentreonMatch2.2.2

merethiscentreonMatch2.3.0

merethiscentreonMatch2.3.0rc3

CPENameOperatorVersion
merethis:centreonmerethis centreonle2.3.1
merethis:centreonmerethis centreoneq1.4
merethis:centreonmerethis centreoneq1.4.1
merethis:centreonmerethis centreoneq1.4.2
merethis:centreonmerethis centreoneq1.4.2.1
merethis:centreonmerethis centreoneq1.4.2.2
merethis:centreonmerethis centreoneq1.4.2.3
merethis:centreonmerethis centreoneq1.4.2.4
merethis:centreonmerethis centreoneq1.4.2.5
merethis:centreonmerethis centreoneq1.4.2.6

CPE	Name	Operator	Version
merethis:centreon	merethis centreon	le	2.3.1
merethis:centreon	merethis centreon	eq	1.4
merethis:centreon	merethis centreon	eq	1.4.1
merethis:centreon	merethis centreon	eq	1.4.2
merethis:centreon	merethis centreon	eq	1.4.2.1
merethis:centreon	merethis centreon	eq	1.4.2.2
merethis:centreon	merethis centreon	eq	1.4.2.3
merethis:centreon	merethis centreon	eq	1.4.2.4
merethis:centreon	merethis centreon	eq	1.4.2.5
merethis:centreon	merethis centreon	eq	1.4.2.6

Rows per page:

1-10 of 321

References

securityreason.com/securityalert/8530

www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.7%

JSON

Related for CVE-2011-4432

prion1 nvd1 cvelist1