Lucene search

[email protected]NVD:CVE-2006-1378

HistoryMar 24, 2006 - 2:02 a.m.

CVE-2006-1378

2006-03-2402:02:00

[email protected]

web.nvd.nist.gov

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

30.7%

JSON

PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack.

Affected configurations

Nvd

Node

counterpanepassword_safeMatch3.0

VendorProductVersionCPE
counterpanepassword_safe3.0cpe:2.3:a:counterpane:password_safe:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
counterpane	password_safe	3.0	cpe:2.3:a:counterpane:password_safe:3.0:::::::*

References

securityreason.com/securityalert/618

www.securityfocus.com/archive/1/428552/100/0/threaded

www.securityfocus.com/archive/1/445509/100/0/threaded

www.securityfocus.com/bid/17200

exchange.xforce.ibmcloud.com/vulnerabilities/25429

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

30.7%

JSON

Related for NVD:CVE-2006-1378

prion1 cvelist1 cve1