Vulnerability Description
The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Peoplesoft | Peopletools | 8.4 |
References
- http://www.osvdb.org/22952
- http://www.securityfocus.com/archive/1/424086/100/0/threaded
- http://www.securityfocus.com/bid/16507
- http://www.osvdb.org/22952
- http://www.securityfocus.com/archive/1/424086/100/0/threaded
- http://www.securityfocus.com/bid/16507
FAQ
What is CVE-2006-0584?
CVE-2006-0584 is a vulnerability with a CVSS score of 2.1 (LOW). The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that...
How severe is CVE-2006-0584?
CVE-2006-0584 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0584?
Check the references section above for vendor advisories and patch information. Affected products include: Peoplesoft Peopletools.