CVE-2004-2394 - Unspecified vulnerability in Mandrakesoft products
Metric | Value |
---|---|
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
mandrakesoft
nessus
Summary
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 10 |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2004-045.NASL |
description | Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation. A few small memory leaks have been fixed as well. The updated packages are patched to correct these problems. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14144 |
published | 2004-07-31 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14144 |
title | Mandrake Linux Security Advisory : passwd (MDKSA-2004:045) |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:045
- http://www.securityfocus.com/bid/10370
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16178