Vulnerability Description
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Don Libes | Expect | 5.2.8 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0173.html
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0192.html
- http://securitytracker.com/id?1001303
- http://www.kb.cert.org/vuls/id/527736
- http://www.securityfocus.com/bid/2632
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6382
FAQ
What is CVE-2001-1467?
CVE-2001-1467 is a vulnerability with a CVSS score of 7.5 (HIGH). mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to...
How severe is CVE-2001-1467?
CVE-2001-1467 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2001-1467?
Check the references section above for vendor advisories and patch information. Affected products include: Don Libes Expect.