2 matches found
CVE-2004-2394
CVE-2004-2394 affects the passwd program (versions 0.68 and earlier). The root cause is an off-by-one error in the --stdin path, causing passwords to be truncated to the first 78 characters instead of 79, which reduces the brute-force search space. Remediation appears in connected advisories: Man...
CVE-2004-2394
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks...