| Vulnerability Name: | CVE-2008-6792 (CCN-50435) | ||||||||
| Assigned: | 2008-11-05 | ||||||||
| Published: | 2008-11-05 | ||||||||
| Updated: | 2017-08-17 | ||||||||
| Summary: | system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-310 | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-6792 Source: OSVDB Type: UNKNOWN 50037 Source: SECUNIA Type: Vendor Advisory 32566 Source: CCN Type: OSVDB ID: 50037 Ubuntu Linux system-tools-backends 3DES Hashed Password Weakness Source: CCN Type: USN-663-1 system-tools-backends regression Source: UBUNTU Type: Vendor Advisory USN-663-1 Source: CCN Type: Ubuntu launchpad Bug #287134 users-admin sets up maximum 8 character password Source: XF Type: UNKNOWN stb-password-weak-security(50435) Source: XF Type: UNKNOWN stb-password-weak-security(50435) Source: CONFIRM Type: UNKNOWN https://launchpad.net/bugs/287134 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||