Vulnerability Description
PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Counterpane | Password Safe | 3.0 |
References
- http://securityreason.com/securityalert/618
- http://www.securityfocus.com/archive/1/428552/100/0/threaded
- http://www.securityfocus.com/archive/1/445509/100/0/threaded
- http://www.securityfocus.com/bid/17200Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25429
- http://securityreason.com/securityalert/618
- http://www.securityfocus.com/archive/1/428552/100/0/threaded
- http://www.securityfocus.com/archive/1/445509/100/0/threaded
- http://www.securityfocus.com/bid/17200Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25429
FAQ
What is CVE-2006-1378?
CVE-2006-1378 is a vulnerability with a CVSS score of 4.9 (MEDIUM). PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers ...
How severe is CVE-2006-1378?
CVE-2006-1378 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1378?
Check the references section above for vendor advisories and patch information. Affected products include: Counterpane Password Safe.