CVE-2008-6792 — MEDIUM (5.0)

Vulnerability Description

system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ubuntu	Linux	8.10

Related Weaknesses (CWE)

CWE-310

References

http://osvdb.org/50037
http://secunia.com/advisories/32566Vendor Advisory
http://www.ubuntu.com/usn/usn-663-1Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/50435
https://launchpad.net/bugs/287134
http://osvdb.org/50037
http://secunia.com/advisories/32566Vendor Advisory
http://www.ubuntu.com/usn/usn-663-1Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/50435
https://launchpad.net/bugs/287134

FAQ

What is CVE-2008-6792?

CVE-2008-6792 is a vulnerability with a CVSS score of 5.0 (MEDIUM). system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths...

How severe is CVE-2008-6792?

CVE-2008-6792 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-6792?

Check the references section above for vendor advisories and patch information. Affected products include: Ubuntu Linux.