Vulnerabilities > CVE-2006-0584 - Unspecified vulnerability in Peoplesoft Peopletools

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

peoplesoft

NVD

Published: 2006-02-08

Updated: 2018-10-19

Summary

The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings.

Vulnerable Configurations

Part	Description	Count
Application	Peoplesoft Peoplesoft Peopletools 8.4 Peoplesoft Peopletools 8.40 Peoplesoft Peopletools 8.41 Peoplesoft Peopletools 8.42 Peoplesoft Peopletools 8.43 Peoplesoft Peopletools 8.45.5 Peoplesoft Peopletools 8.46.3	7

References

http://www.osvdb.org/22952
http://www.securityfocus.com/archive/1/424086/100/0/threaded
http://www.securityfocus.com/bid/16507