CVE-2006-0584

The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings.

Published: Feb 8, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0584
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
peoplesoft / peopletools	8.42	8.42.x
peoplesoft / peopletools	8.43	8.43.x
peoplesoft / peopletools	8.41	8.41.x
peoplesoft / peopletools	8.46.3	8.46.3.x
peoplesoft / peopletools	8.4	8.4.x
peoplesoft / peopletools	8.45.5	8.45.5.x
peoplesoft / peopletools	8.40	8.40.x

http://www.osvdb.org/22952
http://www.securityfocus.com/archive/1/424086/100/0/threaded
http://www.securityfocus.com/bid/16507

Vulnerability Database

289,784

CVE-2006-0584