[email protected]CVE-2013-4440

HistoryDec 19, 2014 - 3:59 p.m.

CVE-2013-4440

2014-12-1915:59:00

CWE-255

[email protected]

web.nvd.nist.gov

cve-2013-4440

password generator

pwgen

non-tty passwords

brute-force attack

nvd

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.4%

JSON

Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CPENameOperatorVersion
pwgen_project:pwgenpwgen project pwgenle2.06

CPE	Name	Operator	Version
pwgen_project:pwgen	pwgen project pwgen	le	2.06

References

advisories.mageia.org/MGASA-2014-0535.html

lists.fedoraproject.org/pipermail/package-announce/2014-December/146015.html

lists.fedoraproject.org/pipermail/package-announce/2014-December/146237.html

lists.fedoraproject.org/pipermail/package-announce/2014-December/146285.html

sourceforge.net/p/pwgen/code/ci/00118ccac4656adb028504639b313d7b09e62b79/

www.mandriva.com/security/advisories?name=MDVSA-2015:008

www.openwall.com/lists/oss-security/2013/06/06/1

www.openwall.com/lists/oss-security/2013/10/16/15

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.4%

JSON

Related for CVE-2013-4440

debiancve1 prion1 cvelist1 ubuntucve1 openvas4 fedora3 securityvulns2 nessus4 mageia1