CVE-2001-1106

Published Jul 25, 2001

Last updated 7 years ago

Overview

Description: The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sambar:sambar_server:4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1300381D-449D-42BE-8B94-28D2A5ACC3D2"
          },
          {
            "criteria": "cpe:2.3:a:sambar:sambar_server:4.2.1_production:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2FC3057-9969-48B5-A5CF-C11912B89D06"
          },
          {
            "criteria": "cpe:2.3:a:sambar:sambar_server:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94F70201-3D0E-463A-82B8-4CDE086EAF61"
          },
          {
            "criteria": "cpe:2.3:a:sambar:sambar_server:4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9681C75D-45B3-46AB-8FEA-5D8E45D81AF3"
          },
          {
            "criteria": "cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CDD4A6F-A334-4081-B7DC-ED4DA5F635E9"
          },
          {
            "criteria": "cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1DA41E4-5170-4BDD-9BFC-8146CCE3EF9B"
          },
          {
            "criteria": "cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "387DA782-35E3-47CB-B041-DAD3C433CF7D"
          },
          {
            "criteria": "cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8B1D7C8-E0D4-4FB1-9011-8BD361B38CC9"
          },
          {
            "criteria": "cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A771154-443C-4468-A205-6D0CA83866C9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References