CVE-2013-4440 - Credentials Management vulnerability in Pwgen Project Pwgen 2.06

CVSS 5.0 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: PARTIAL
  • Availability impact: NONE

Tags: network, low complexity, pwgen-project, CWE-255, nessus

Summary

Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

Vulnerable Configurations

Part         Description    Count
Application  Pwgen_Project  1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-16473.NASL
    description: Update to 2.07 (bug 1159526) fixes: CVE-2013-4440 (bug 1020222, 1020223) and CVE-2013-4442 (bug 1020259, 1020261). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-12-17
    plugin id: 80063
    published: 2014-12-17
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80063
    title: Fedora 19 : pwgen-2.07-1.fc19 (2014-16473)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-16368.NASL
    description: Update to 2.07 (bug 1159526) fixes: CVE-2013-4440 (bug 1020222, 1020223) and CVE-2013-4442 (bug 1020259, 1020261). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-12-15
    plugin id: 79937
    published: 2014-12-15
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79937
    title: Fedora 20 : pwgen-2.07-1.fc20 (2014-16368)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-16406.NASL
    description: Update to 2.07 (bug 1159526) fixes: CVE-2013-4440 (bug 1020222, 1020223) and CVE-2013-4442 (bug 1020259, 1020261). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-12-15
    plugin id: 79944
    published: 2014-12-15
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79944
    title: Fedora 21 : pwgen-2.07-1.fc21 (2014-16406)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-008.NASL
    description: Updated pwgen package fixes security vulnerabilities: Pwgen was found to generate weak non-tty passwords by default, which could be brute-forced with a commendable success rate, which could raise security concerns (CVE-2013-4440). Pwgen was found to silently fall back to using standard pseudo generated numbers on systems that heavily use entropy. On systems such as those with a lot of daemons providing encryption services, the entropy was found to be exhausted, which forces pwgen to fall back to using standard pseudo generated numbers (CVE-2013-4442).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80427
    published: 2015-01-09
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80427
    title: Mandriva Linux Security Advisory : pwgen (MDVSA-2015:008)