Vulnerability Description
Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dallas Semiconductor | Ibutton | ds1991 |
References
- http://www.atstake.com/research/advisories/2001/a011801-1.txtExploitVendor Advisory
- http://www.kb.cert.org/vuls/id/178560ExploitThird Party AdvisoryUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10625
- http://www.atstake.com/research/advisories/2001/a011801-1.txtExploitVendor Advisory
- http://www.kb.cert.org/vuls/id/178560ExploitThird Party AdvisoryUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10625
FAQ
What is CVE-2001-1436?
CVE-2001-1436 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device p...
How severe is CVE-2001-1436?
CVE-2001-1436 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1436?
Check the references section above for vendor advisories and patch information. Affected products include: Dallas Semiconductor Ibutton.