1. Home
  2. CVE Database
  3. CVE-2019-3700
LOW · 2.9

CVE-2019-3700

yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 2019...

Vulnerability Description

yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes.

CVSS Score

2.9

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
SuseYast2-Security< 4.2.6

Related Weaknesses (CWE)

CWE-327

References

FAQ

What is CVE-2019-3700?

CVE-2019-3700 is a vulnerability with a CVSS score of 2.9 (LOW). yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 2019...

How severe is CVE-2019-3700?

CVE-2019-3700 has been rated LOW with a CVSS base score of 2.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3700?

Check the references section above for vendor advisories and patch information. Affected products include: Suse Yast2-Security.