| Vulnerability Name: | CVE-2006-1058 (CCN-25569) | ||||||||||||
| Assigned: | 2005-12-19 | ||||||||||||
| Published: | 2005-12-19 | ||||||||||||
| Updated: | 2017-10-11 | ||||||||||||
| Summary: | BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | ||||||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: CONFIRM Type: UNKNOWN http://bugs.busybox.net/view.php?id=604 Source: MITRE Type: CNA CVE-2006-1058 Source: CCN Type: RHSA-2007-0244 Low: busybox security update Source: CCN Type: SA19477 BusyBox MD5 Password Hash Generation Weakness Source: SECUNIA Type: Vendor Advisory 19477 Source: SECUNIA Type: UNKNOWN 25098 Source: CCN Type: SA25848 Avaya Products BusyBox MD5 Password Weakness Source: SECUNIA Type: UNKNOWN 25848 Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm Source: CCN Type: ASA-2007-250 busybox security update (RHSA-2007-0244) Source: CCN Type: BusyBox BusyBox Source: REDHAT Type: UNKNOWN RHSA-2007:0244 Source: BID Type: UNKNOWN 17330 Source: CCN Type: BID-17330 BusyBox Insecure Password Hash Weakness Source: XF Type: UNKNOWN busybox-passwd-weak-security(25569) Source: XF Type: UNKNOWN busybox-passwd-weak-security(25569) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9483 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||