Vulnerability Description
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Ie | 4.0 |
| Microsoft | Internet Explorer | 4.0 |
References
- http://www.iss.net/security_center/static/7592.php
- http://www.securityfocus.com/archive/1/241323
- http://www.securityfocus.com/archive/1/241400
- http://www.securityfocus.com/bid/3563
- http://www.iss.net/security_center/static/7592.php
- http://www.securityfocus.com/archive/1/241323
- http://www.securityfocus.com/archive/1/241400
- http://www.securityfocus.com/bid/3563
FAQ
What is CVE-2001-1497?
CVE-2001-1497 is a vulnerability with a CVSS score of 2.1 (LOW). Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump ...
How severe is CVE-2001-1497?
CVE-2001-1497 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1497?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie, Microsoft Internet Explorer.