Vulnerability Database

308,918

Total vulnerabilities in the database

CVE-2001-1467

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.

Published: Apr 11, 2001
Updated: Nov 9, 2025
CVE: CVE-2001-1467
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
don_libes / expect	5.2.8	5.2.8.x

http://archives.neohapsis.com/archives/bugtraq/2001-04/0173.html
http://archives.neohapsis.com/archives/bugtraq/2001-04/0192.html
http://securitytracker.com/id?1001303
http://www.kb.cert.org/vuls/id/527736
http://www.securityfocus.com/bid/2632
https://exchange.xforce.ibmcloud.com/vulnerabilities/6382

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo