CVE-2001-1467

4 documents4 sources
Severity
7.5HIGH
EPSS
0.8%
top 26.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
DON Libes Expect
Timeline
PublishedApr 11
Latest updateApr 30

Description

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

â–¶NVDdon_libes/expect5.2.8

🔴Vulnerability Details

2
GHSA
GHSA-f6m6-f2pm-2grw: mkpasswd in expect 5↗2022-04-30
â–¶
CVEList
CVE-2001-1467: mkpasswd in expect 5↗2005-04-21
â–¶

📋Vendor Advisories

1
Debian
CVE-2001-1467: expect - mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its ra...↗2001
â–¶
CVE-2001-1467 (HIGH CVSS 7.5) | mkpasswd in expect 5.2.8 | cvebase.io