4.2.82

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

arkeia

CWE-916

critical

NVD

Published: 2001-08-31

Updated: 2024-02-14

Summary

Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.

Vulnerable Configurations

Part	Description	Count
Application	Arkeia Arkeia Arkeia 4.2.8-2 Arkeia Arkeia 4.2	2

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html
http://www.securityfocus.com/bid/3204