CVE-2001-1106

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

Published: Jul 25, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-1106
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sambar / sambar_server	5.0-beta5	5.0-beta5.x
sambar / sambar_server	5.0-beta2	5.0-beta2.x
sambar / sambar_server	5.0-beta4	5.0-beta4.x
sambar / sambar_server	4.2.1_production	4.2.1_production.x
sambar / sambar_server	4.3	4.3.x
sambar / sambar_server	4.4	4.4.x
sambar / sambar_server	5.0-beta1	5.0-beta1.x
sambar / sambar_server	4.1	4.1.x
sambar / sambar_server	5.0-beta3	5.0-beta3.x

http://www.securityfocus.com/archive/1/199418
http://www.securityfocus.com/bid/3095
https://exchange.xforce.ibmcloud.com/vulnerabilities/6909

Vulnerability Database

289,697

CVE-2001-1106