CVE Vulnerabilities

CVE-2011-4931

Weak Password Requirements

Published: Oct 29, 2019 | Modified: Nov 01, 2019
CVSS 3.x: 7.5 HIGH (Source: NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x: 5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu: LOW

gpw generates shorter passwords than required

Weakness

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Affected Software

Name  Vendor       Start Version                 End Version
Gpw   Gpw_project  0.0.19940601-8.1 (including)  0.0.19940601-8.1 (including)
Gpw   Ubuntu       artful                        *
Gpw   Ubuntu       bionic                        *
Gpw   Ubuntu       cosmic                        *
Gpw   Ubuntu       devel                         *
Gpw   Ubuntu       disco                         *
Gpw   Ubuntu       eoan                          *
Gpw   Ubuntu       esm-apps/bionic               *
Gpw   Ubuntu       esm-apps/focal                *
Gpw   Ubuntu       esm-apps/jammy                *
Gpw   Ubuntu       esm-apps/noble                *
Gpw   Ubuntu       esm-apps/xenial               *
Gpw   Ubuntu       focal                         *
Gpw   Ubuntu       groovy                        *
Gpw   Ubuntu       hardy                         *
Gpw   Ubuntu       hirsute                       *
Gpw   Ubuntu       impish                        *
Gpw   Ubuntu       jammy                         *
Gpw   Ubuntu       kinetic                       *
Gpw   Ubuntu       lucid                         *
Gpw   Ubuntu       lunar                         *
Gpw   Ubuntu       mantic                        *
Gpw   Ubuntu       maverick                      *
Gpw   Ubuntu       natty                         *
Gpw   Ubuntu       noble                         *
Gpw   Ubuntu       oneiric                       *
Gpw   Ubuntu       precise                       *
Gpw   Ubuntu       quantal                       *
Gpw   Ubuntu       raring                        *
Gpw   Ubuntu       saucy                         *
Gpw   Ubuntu       trusty                        *
Gpw   Ubuntu       utopic                        *
Gpw   Ubuntu       vivid                         *
Gpw   Ubuntu       wily                          *
Gpw   Ubuntu       xenial                        *
Gpw   Ubuntu       yakkety                       *
Gpw   Ubuntu       zesty                         *

Potential Mitigations

  • A product’s design should require adherence to an appropriate password policy. Specific password requirements depend strongly on contextual factors, but it is recommended to contain the following attributes:

  • Depending on the threat model, the password policy may include several additional attributes.

  • See NIST 800-63B [REF-1053] for further information on password requirements.

References