CVE-2008-6549
published 2009-03-30CVE-2008-6549: The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe…
PriorityP417medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
1.48%
70.7th percentile
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
MoinMoin Denial of Service vulnerability via password_checker function
ghsa·2022-05-17
CVE-2008-6549 [HIGH] CWE-400 MoinMoin Denial of Service vulnerability via password_checker function
MoinMoin Denial of Service vulnerability via password_checker function
The password_checker function in `config/multiconfig.py` in MoinMoin prior to version 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
OSV
MoinMoin Denial of Service vulnerability via password_checker function
osv·2022-05-17
CVE-2008-6549 [HIGH] MoinMoin Denial of Service vulnerability via password_checker function
MoinMoin Denial of Service vulnerability via password_checker function
The password_checker function in `config/multiconfig.py` in MoinMoin prior to version 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
OSV
CVE-2008-6549: The password_checker function in config/multiconfig
osv·2009-03-30·CVSS 5.0
CVE-2008-6549 [MEDIUM] CVE-2008-6549: The password_checker function in config/multiconfig
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2009-03-30
Published