Vulnerability Description
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chetcpasswd Project | Chetcpasswd | 2.3.3 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454Third Party Advisory
- http://marc.info/?l=bugtraq&m=116371297325564&w=2Mailing List
- http://secunia.com/advisories/22967Permissions RequiredThird Party Advisory
- http://www.osvdb.org/30545Broken LinkPermissions RequiredThird Party Advisory
- http://www.securityfocus.com/bid/21102Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30454VDB Entry
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454Third Party Advisory
- http://marc.info/?l=bugtraq&m=116371297325564&w=2Mailing List
- http://secunia.com/advisories/22967Permissions RequiredThird Party Advisory
- http://www.osvdb.org/30545Broken LinkPermissions RequiredThird Party Advisory
- http://www.securityfocus.com/bid/21102Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30454VDB Entry
FAQ
What is CVE-2006-6682?
CVE-2006-6682 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to deter...
How severe is CVE-2006-6682?
CVE-2006-6682 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6682?
Check the references section above for vendor advisories and patch information. Affected products include: Chetcpasswd Project Chetcpasswd.