2 matches found
CVE-2001-1374
Summary (concrete details from connected documents): The vulnerability is in the expect utility prior to version 5.32, where it searches for its libraries in /var/tmp before other directories. A local attacker could exploit this by placing a Trojan horse library that mkpasswd would load, potentia...
CVE-2001-1467
The CVE-2001-1467 issue affects mkpasswd in expect 5.2.8 as used by Red Hat Linux 6.2–7.0. The underlying problem is that the random number generator is seeded with the process ID, reducing the seed space and enabling easier brute-force password attacks. The associated metrics indicate a HIGH sev...