Lucene search

[email protected]CVE-2013-6445

HistoryApr 30, 2014 - 2:22 p.m.

CVE-2013-6445

2014-04-3014:22:00

CWE-310

[email protected]

web.nvd.nist.gov

cve

cumin

mrg management console

red hat enterprise

vulnerability

des

crypt function

brute-force attack

nvd

5.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

48.2%

JSON

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.

CPENameOperatorVersion
redhat:enterprise_mrgredhat enterprise mrgeq2.5

CPE	Name	Operator	Version
redhat:enterprise_mrg	redhat enterprise mrg	eq	2.5

References

rhn.redhat.com/errata/RHSA-2014-0440.html

rhn.redhat.com/errata/RHSA-2014-0441.html

www.securitytracker.com/id/1030158

5.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

48.2%

JSON

Related for CVE-2013-6445

prion1 veracode1 redhat2 nessus2 cvelist1