CVE

Id
22785  
CVE No.
CVE-2006-6681  
Status
Candidate  
Description
Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.  
Phase
Assigned (20061221)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
220339 22785 CVE-2006-6681 BUGTRAQ:20061113 Chetcpasswd 2.x: multiple vulnerabilities  View
220340 22785 CVE-2006-6681 URL:http://marc.info/?l=bugtraq&m=116371297325564&w=2  View
220341 22785 CVE-2006-6681 MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454  View
220342 22785 CVE-2006-6681 BID:21102  View
220343 22785 CVE-2006-6681 URL:http://www.securityfocus.com/bid/21102  View
220344 22785 CVE-2006-6681 SECUNIA:22967  View
220345 22785 CVE-2006-6681 URL:http://secunia.com/advisories/22967  View
220346 22785 CVE-2006-6681 XF:chetcpasswd-password-weak-security(30455)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
60356 JVNDB-2006-002622 Pedro Lineu Orso Chetcpasswd における制限を回避される脆弱性 Pedro Lineu Orso Chetcpasswd は、/etc/shadow を処理するカスタムコードを介して、ユーザアカウントを検証および更新し PAM 設定に準拠しないため、制限を回避される脆弱性が存在します。 CVE-2006-6683 22785 7.8 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-002622.html  View