Vulnerability Name: CVE-2011-0002 (CCN-64677)

Assigned: 2010-12-07
Published: 2011-01-10
Updated: 2017-08-17
Summary: libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None

CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

4.3 Medium (REDHAT CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Adjacent_Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): None

Vulnerability Type: CWE-310
Vulnerability Consequences: Bypass Security
References:

Source: MITRE
Type: CNA
CVE-2011-0002

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-0316

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-0320

Source: CCN
Type: RHSA-2011-0170
Moderate: libuser security update

Source: CCN
Type: SA42891
libuser Default Password Security Issue

Source: SECUNIA
Type: Vendor Advisory
42891

Source: SECUNIA
Type: Vendor Advisory
42966

Source: SECUNIA
Type: UNKNOWN
43047

Source: CCN
Type: SECTRACK ID: 1024960
Libuser LDAP Account Creation Default Password May Let Users Bypass Security Controls

Source: SECTRACK
Type: UNKNOWN
1024960

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2011:019

Source: OSVDB
Type: UNKNOWN
70421

Source: CCN
Type: OSVDB ID: 70421
libuser luseradd Default Password Weakness

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0170

Source: BID
Type: UNKNOWN
45791

Source: CCN
Type: BID-45791
libuser 'luseradd' Default Password Security Bypass Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0184

Source: VUPEN
Type: UNKNOWN
ADV-2011-0201

Source: VUPEN
Type: UNKNOWN
ADV-2011-0226

Source: CONFIRM
Type: Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=643227

Source: CCN
Type: Red Hat Bugzilla Bug 643227
CVE-2011-0002 libuser creates LDAP users with a default password

Source: XF
Type: UNKNOWN
libuser-password-security-bypass(64677)

Source: CCN
Type: fedora HOSTED Web site
libuser

Source: CONFIRM
Type: UNKNOWN
https://fedorahosted.org/libuser/browser/NEWS?rev=libuser-0.57

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:miloslav_trmac:libuser:0.1:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.2:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.3:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.7:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.11:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.16.1:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.18:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.20:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.21:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.23:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.24-3:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.24-4:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.25:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.25.1:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.26:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.27:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.28:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.29:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.30:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.31:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.32:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.90:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.91:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.92:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.93:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.95:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.96:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.97:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.98:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.99:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.100:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.101-1:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.101-2:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.49.102:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.50:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.50.2:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.1-1:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.1-2:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.2:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.4:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.5:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.6:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.7:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.7-3:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.7-7:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.8:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.9:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.10:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.11:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.51.12:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.52:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.52.1:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.52.2:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.52.3:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.52.4:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.52.5:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.52.6:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.53:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.53.1:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.53.2:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.53.3:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.53.4:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.53.5:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.53.6:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.53.7:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.53.8:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.54:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.54.1:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.54.2:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.54.3:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.54.4:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.54.5:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.54.6:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.54.7:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.54.8:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.55:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.1:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.2:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.3:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.4:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.5:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.6:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.7:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.8:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.9:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.10:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.11:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.12:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.13:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.14:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.15:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.16:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:0.56.17:*:*:*:*:*:*:*
  • OR cpe:/a:miloslav_trmac:libuser:*:*:*:*:*:*:*:* (Version <= 0.56.18)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 11:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 12:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 13:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 14:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:23349 | P | ELSA-2011:0170: libuser security update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:21850 | P | RHSA-2011:0170: libuser security update (Moderate) | 2014-02-24
oval:org.mitre.oval:def:20643 | V | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | 2014-01-20
oval:com.ubuntu.precise:def:20110002000 | V | CVE-2011-0002 on Ubuntu 12.04 LTS (precise) - medium. | 2011-01-22
oval:com.redhat.rhsa:def:20110170 | P | RHSA-2011:0170: libuser security update (Moderate) | 2011-01-20