Vulnerabilities > CVE-2006-4068 - Credentials Management vulnerability in Pswd.Js

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

pswd-js

CWE-255

exploit available

NVD

Published: 2006-08-10

Updated: 2008-09-05

Summary

The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher.

Vulnerable Configurations

Part	Description	Count
Application	Pswd.Js Pswd.Js Pswd.Js *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	PSWD.JS Insecure Password Hash Weakness. CVE-2006-4068. Webapps exploits for multiple platform
id	EDB-ID:28340
last seen	2016-02-03
modified	2006-08-03
published	2006-08-03
reporter	Gianstefano Monni
source	https://www.exploit-db.com/download/28340/
title	PSWD.JS Insecure Password Hash Weakness

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References