Vulnerabilities > CVE-2001-1106 - Unspecified vulnerability in Sambar Server

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

sambar

exploit available

NVD

Published: 2001-07-25

Updated: 2017-10-10

Summary

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

Vulnerable Configurations

Part	Description	Count
Application	Sambar Sambar Sambar Server 4.1 Sambar Sambar Server 4.2.1_Production Sambar Sambar Server 4.3 Sambar Sambar Server 4.4 Sambar Sambar Server 5.0	9

Exploit-Db

description	Sambar Server 4.x/5.0 Insecure Default Password Protection Vulnerability. CVE-2001-1106. Remote exploits for multiple platform
id	EDB-ID:21027
last seen	2016-02-02
modified	2001-07-25
published	2001-07-25
reporter	3APA3A
source	https://www.exploit-db.com/download/21027/
title	Sambar Server 4.x/5.0 Insecure Default Password Protection Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References