Vulnerabilities > CVE-2006-0584 - Unspecified vulnerability in Peoplesoft Peopletools

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

peoplesoft

NVD

Published: 2006-02-08

Updated: 2024-11-21

Summary

The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings.

Vulnerable Configurations

Part	Description	Count
Application	Peoplesoft Peoplesoft Peopletools 8.42 Peoplesoft Peopletools 8.43 Peoplesoft Peopletools 8.41 Peoplesoft Peopletools 8.46.3 Peoplesoft Peopletools 8.4 Peoplesoft Peopletools 8.45.5 Peoplesoft Peopletools 8.40	7

References

http://www.osvdb.org/22952
http://www.osvdb.org/22952
http://www.securityfocus.com/archive/1/424086/100/0/threaded
http://www.securityfocus.com/archive/1/424086/100/0/threaded
http://www.securityfocus.com/bid/16507
http://www.securityfocus.com/bid/16507