CVE Vulnerabilities

CVE-2001-1106

Published: Jul 25, 2001 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

Affected Software

Name Vendor Start Version End Version
Sambar_server Sambar 4.1 4.1
Sambar_server Sambar 4.2.1_production 4.2.1_production
Sambar_server Sambar 4.3 4.3
Sambar_server Sambar 4.4 4.4
Sambar_server Sambar 5.0 5.0
Sambar_server Sambar 5.0 5.0
Sambar_server Sambar 5.0 5.0
Sambar_server Sambar 5.0 5.0
Sambar_server Sambar 5.0 5.0

References