CVE-2011-0002 — Libuser vulnerability

CWE-3109 documents8 sources

Severity

6.4MEDIUMNVD

EPSS

2.3%

top 15.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libuser Debian Libuser Miloslav Trmac Libuser

Timeline

PublishedJan 22

Latest updateMay 3

Description

libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/libuser< libuser 1:0.56.9.dfsg.1-1.1 (bookworm)

▶Debianlibuser/libuser< 1:0.56.9.dfsg.1-1.1+3

▶NVDmiloslav_trmac/libuser0.56.18+103

🔴Vulnerability Details

GHSA

GHSA-6ppq-r3vw-8xm4: libuser before 0↗2022-05-03

▶

OSV

CVE-2011-0002: libuser before 0↗2011-01-22

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Terminal Services - Use-After-Free (MS12-020)↗2012-03-16

▶

📋Vendor Advisories

Red Hat

libuser creates LDAP users with a default password↗2011-01-10

▶

Debian

CVE-2011-0002: libuser - libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new L...↗2011

▶

💬Community

Bugzilla

CVE-2011-0002 libuser creates LDAP users with a default password [fedora-all]↗2011-01-10

▶

Bugzilla

CVE-2011-0002 libuser creates LDAP users with a default password↗2010-10-15

▶