Vulnerabilities > CVE-2001-0967 - Use of Password Hash With Insufficient Computational Effort vulnerability in Arkeia 4.2/4.2.82

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
arkeia
CWE-916
critical

Summary

Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.

Vulnerable Configurations

Part Description Count
Application
Arkeia
2