CVE-2004-2394

3 documents3 sources

Severity

2.1LOW

EPSS

0.1%

top 76.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server Mandrakesoft Mandrake Multi Network Firewall

Timeline

PublishedDec 31

Latest updateApr 29

Description

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDmandrakesoft/mandrake_linux5 versions+4

▶NVDmandrakesoft/mandrake_linux_corporate_server2.1

▶NVDmandrakesoft/mandrake_multi_network_firewall8.2

Patches

Patch: bugzilla.redhat.com ↗Patch: www.mandriva.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-39q2-89f2-vxj5: Off-by-one error in passwd 0↗2022-04-29

▶

CVEList

CVE-2004-2394: Off-by-one error in passwd 0↗2005-08-17

▶