CVE-2011-0002

libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
miloslav_trmaclibuser
𝑥
≤ 0.56.18
miloslav_trmaclibuser
0.1
miloslav_trmaclibuser
0.2
miloslav_trmaclibuser
0.3
miloslav_trmaclibuser
0.4
miloslav_trmaclibuser
0.5
miloslav_trmaclibuser
0.6
miloslav_trmaclibuser
0.7
miloslav_trmaclibuser
0.8
miloslav_trmaclibuser
0.8.1
miloslav_trmaclibuser
0.8.2
miloslav_trmaclibuser
0.9
miloslav_trmaclibuser
0.10
miloslav_trmaclibuser
0.11
miloslav_trmaclibuser
0.16.1
miloslav_trmaclibuser
0.18
miloslav_trmaclibuser
0.20
miloslav_trmaclibuser
0.21
miloslav_trmaclibuser
0.23
miloslav_trmaclibuser
0.24-3
miloslav_trmaclibuser
0.24-4
miloslav_trmaclibuser
0.25
miloslav_trmaclibuser
0.25.1
miloslav_trmaclibuser
0.26
miloslav_trmaclibuser
0.27
miloslav_trmaclibuser
0.28
miloslav_trmaclibuser
0.29
miloslav_trmaclibuser
0.30
miloslav_trmaclibuser
0.31
miloslav_trmaclibuser
0.32
miloslav_trmaclibuser
0.49.90
miloslav_trmaclibuser
0.49.91
miloslav_trmaclibuser
0.49.92
miloslav_trmaclibuser
0.49.93
miloslav_trmaclibuser
0.49.95
miloslav_trmaclibuser
0.49.96
miloslav_trmaclibuser
0.49.97
miloslav_trmaclibuser
0.49.98
miloslav_trmaclibuser
0.49.99
miloslav_trmaclibuser
0.49.100
miloslav_trmaclibuser
0.49.101-1
miloslav_trmaclibuser
0.49.101-2
miloslav_trmaclibuser
0.49.102
miloslav_trmaclibuser
0.50
miloslav_trmaclibuser
0.50.2
miloslav_trmaclibuser
0.51
miloslav_trmaclibuser
0.51.1-1
miloslav_trmaclibuser
0.51.1-2
miloslav_trmaclibuser
0.51.2
miloslav_trmaclibuser
0.51.4
miloslav_trmaclibuser
0.51.5
miloslav_trmaclibuser
0.51.6
miloslav_trmaclibuser
0.51.7
miloslav_trmaclibuser
0.51.7-3
miloslav_trmaclibuser
0.51.7-7
miloslav_trmaclibuser
0.51.8
miloslav_trmaclibuser
0.51.9
miloslav_trmaclibuser
0.51.10
miloslav_trmaclibuser
0.51.11
miloslav_trmaclibuser
0.51.12
miloslav_trmaclibuser
0.52
miloslav_trmaclibuser
0.52.1
miloslav_trmaclibuser
0.52.2
miloslav_trmaclibuser
0.52.3
miloslav_trmaclibuser
0.52.4
miloslav_trmaclibuser
0.52.5
miloslav_trmaclibuser
0.52.6
miloslav_trmaclibuser
0.53
miloslav_trmaclibuser
0.53.1
miloslav_trmaclibuser
0.53.2
miloslav_trmaclibuser
0.53.3
miloslav_trmaclibuser
0.53.4
miloslav_trmaclibuser
0.53.5
miloslav_trmaclibuser
0.53.6
miloslav_trmaclibuser
0.53.7
miloslav_trmaclibuser
0.53.8
miloslav_trmaclibuser
0.54
miloslav_trmaclibuser
0.54.1
miloslav_trmaclibuser
0.54.2
miloslav_trmaclibuser
0.54.3
miloslav_trmaclibuser
0.54.4
miloslav_trmaclibuser
0.54.5
miloslav_trmaclibuser
0.54.6
miloslav_trmaclibuser
0.54.7
miloslav_trmaclibuser
0.54.8
miloslav_trmaclibuser
0.55
miloslav_trmaclibuser
0.56
miloslav_trmaclibuser
0.56.1
miloslav_trmaclibuser
0.56.2
miloslav_trmaclibuser
0.56.3
miloslav_trmaclibuser
0.56.4
miloslav_trmaclibuser
0.56.5
miloslav_trmaclibuser
0.56.6
miloslav_trmaclibuser
0.56.7
miloslav_trmaclibuser
0.56.8
miloslav_trmaclibuser
0.56.9
miloslav_trmaclibuser
0.56.10
miloslav_trmaclibuser
0.56.11
miloslav_trmaclibuser
0.56.12
miloslav_trmaclibuser
0.56.13
miloslav_trmaclibuser
0.56.14
miloslav_trmaclibuser
0.56.15
miloslav_trmaclibuser
0.56.16
miloslav_trmaclibuser
0.56.17
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libuser
bullseye
1:0.62~dfsg-0.4
fixed
bookworm
1:0.64~dfsg-1
fixed
sid
1:0.64~dfsg-2
fixed
trixie
1:0.64~dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libuser
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
ignored
lucid
ignored
karmic
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053365.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053378.html
http://secunia.com/advisories/42891
http://secunia.com/advisories/42966
http://secunia.com/advisories/43047
http://securitytracker.com/id?1024960
http://www.mandriva.com/security/advisories?name=MDVSA-2011:019
http://www.osvdb.org/70421
http://www.redhat.com/support/errata/RHSA-2011-0170.html
http://www.securityfocus.com/bid/45791
http://www.vupen.com/english/advisories/2011/0184
http://www.vupen.com/english/advisories/2011/0201
http://www.vupen.com/english/advisories/2011/0226
https://bugzilla.redhat.com/show_bug.cgi?id=643227
https://exchange.xforce.ibmcloud.com/vulnerabilities/64677
https://fedorahosted.org/libuser/browser/NEWS?rev=libuser-0.57
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053365.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053378.html
http://secunia.com/advisories/42891
http://secunia.com/advisories/42966
http://secunia.com/advisories/43047
http://securitytracker.com/id?1024960
http://www.mandriva.com/security/advisories?name=MDVSA-2011:019
http://www.osvdb.org/70421
http://www.redhat.com/support/errata/RHSA-2011-0170.html
http://www.securityfocus.com/bid/45791
http://www.vupen.com/english/advisories/2011/0184
http://www.vupen.com/english/advisories/2011/0201
http://www.vupen.com/english/advisories/2011/0226
https://bugzilla.redhat.com/show_bug.cgi?id=643227
https://exchange.xforce.ibmcloud.com/vulnerabilities/64677
https://fedorahosted.org/libuser/browser/NEWS?rev=libuser-0.57