CVE-2011-0002

EUVD-2011-0029
libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
miloslav_trmaclibuser
𝑥
≤ 0.56.18
miloslav_trmaclibuser
0.1
miloslav_trmaclibuser
0.2
miloslav_trmaclibuser
0.3
miloslav_trmaclibuser
0.4
miloslav_trmaclibuser
0.5
miloslav_trmaclibuser
0.6
miloslav_trmaclibuser
0.7
miloslav_trmaclibuser
0.8
miloslav_trmaclibuser
0.8.1
miloslav_trmaclibuser
0.8.2
miloslav_trmaclibuser
0.9
miloslav_trmaclibuser
0.10
miloslav_trmaclibuser
0.11
miloslav_trmaclibuser
0.16.1
miloslav_trmaclibuser
0.18
miloslav_trmaclibuser
0.20
miloslav_trmaclibuser
0.21
miloslav_trmaclibuser
0.23
miloslav_trmaclibuser
0.24-3
miloslav_trmaclibuser
0.24-4
miloslav_trmaclibuser
0.25
miloslav_trmaclibuser
0.25.1
miloslav_trmaclibuser
0.26
miloslav_trmaclibuser
0.27
miloslav_trmaclibuser
0.28
miloslav_trmaclibuser
0.29
miloslav_trmaclibuser
0.30
miloslav_trmaclibuser
0.31
miloslav_trmaclibuser
0.32
miloslav_trmaclibuser
0.49.90
miloslav_trmaclibuser
0.49.91
miloslav_trmaclibuser
0.49.92
miloslav_trmaclibuser
0.49.93
miloslav_trmaclibuser
0.49.95
miloslav_trmaclibuser
0.49.96
miloslav_trmaclibuser
0.49.97
miloslav_trmaclibuser
0.49.98
miloslav_trmaclibuser
0.49.99
miloslav_trmaclibuser
0.49.100
miloslav_trmaclibuser
0.49.101-1
miloslav_trmaclibuser
0.49.101-2
miloslav_trmaclibuser
0.49.102
miloslav_trmaclibuser
0.50
miloslav_trmaclibuser
0.50.2
miloslav_trmaclibuser
0.51
miloslav_trmaclibuser
0.51.1-1
miloslav_trmaclibuser
0.51.1-2
miloslav_trmaclibuser
0.51.2
miloslav_trmaclibuser
0.51.4
miloslav_trmaclibuser
0.51.5
miloslav_trmaclibuser
0.51.6
miloslav_trmaclibuser
0.51.7
miloslav_trmaclibuser
0.51.7-3
miloslav_trmaclibuser
0.51.7-7
miloslav_trmaclibuser
0.51.8
miloslav_trmaclibuser
0.51.9
miloslav_trmaclibuser
0.51.10
miloslav_trmaclibuser
0.51.11
miloslav_trmaclibuser
0.51.12
miloslav_trmaclibuser
0.52
miloslav_trmaclibuser
0.52.1
miloslav_trmaclibuser
0.52.2
miloslav_trmaclibuser
0.52.3
miloslav_trmaclibuser
0.52.4
miloslav_trmaclibuser
0.52.5
miloslav_trmaclibuser
0.52.6
miloslav_trmaclibuser
0.53
miloslav_trmaclibuser
0.53.1
miloslav_trmaclibuser
0.53.2
miloslav_trmaclibuser
0.53.3
miloslav_trmaclibuser
0.53.4
miloslav_trmaclibuser
0.53.5
miloslav_trmaclibuser
0.53.6
miloslav_trmaclibuser
0.53.7
miloslav_trmaclibuser
0.53.8
miloslav_trmaclibuser
0.54
miloslav_trmaclibuser
0.54.1
miloslav_trmaclibuser
0.54.2
miloslav_trmaclibuser
0.54.3
miloslav_trmaclibuser
0.54.4
miloslav_trmaclibuser
0.54.5
miloslav_trmaclibuser
0.54.6
miloslav_trmaclibuser
0.54.7
miloslav_trmaclibuser
0.54.8
miloslav_trmaclibuser
0.55
miloslav_trmaclibuser
0.56
miloslav_trmaclibuser
0.56.1
miloslav_trmaclibuser
0.56.2
miloslav_trmaclibuser
0.56.3
miloslav_trmaclibuser
0.56.4
miloslav_trmaclibuser
0.56.5
miloslav_trmaclibuser
0.56.6
miloslav_trmaclibuser
0.56.7
miloslav_trmaclibuser
0.56.8
miloslav_trmaclibuser
0.56.9
miloslav_trmaclibuser
0.56.10
miloslav_trmaclibuser
0.56.11
miloslav_trmaclibuser
0.56.12
miloslav_trmaclibuser
0.56.13
miloslav_trmaclibuser
0.56.14
miloslav_trmaclibuser
0.56.15
miloslav_trmaclibuser
0.56.16
miloslav_trmaclibuser
0.56.17
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libuser
bookworm
1:0.64~dfsg-1
fixed
bullseye
1:0.62~dfsg-0.4
fixed
sid
1:0.64~dfsg-2
fixed
trixie
1:0.64~dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libuser
dapper
ignored
hardy
ignored
karmic
ignored
lucid
ignored
maverick
ignored
natty
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053365.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053378.html
http://secunia.com/advisories/42891
http://secunia.com/advisories/42966
http://secunia.com/advisories/43047
http://securitytracker.com/id?1024960
http://www.mandriva.com/security/advisories?name=MDVSA-2011:019
http://www.osvdb.org/70421
http://www.redhat.com/support/errata/RHSA-2011-0170.html
http://www.securityfocus.com/bid/45791
http://www.vupen.com/english/advisories/2011/0184
http://www.vupen.com/english/advisories/2011/0201
http://www.vupen.com/english/advisories/2011/0226
https://bugzilla.redhat.com/show_bug.cgi?id=643227
https://exchange.xforce.ibmcloud.com/vulnerabilities/64677
https://fedorahosted.org/libuser/browser/NEWS?rev=libuser-0.57
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053365.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053378.html
http://secunia.com/advisories/42891
http://secunia.com/advisories/42966
http://secunia.com/advisories/43047
http://securitytracker.com/id?1024960
http://www.mandriva.com/security/advisories?name=MDVSA-2011:019
http://www.osvdb.org/70421
http://www.redhat.com/support/errata/RHSA-2011-0170.html
http://www.securityfocus.com/bid/45791
http://www.vupen.com/english/advisories/2011/0184
http://www.vupen.com/english/advisories/2011/0201
http://www.vupen.com/english/advisories/2011/0226
https://bugzilla.redhat.com/show_bug.cgi?id=643227
https://exchange.xforce.ibmcloud.com/vulnerabilities/64677
https://fedorahosted.org/libuser/browser/NEWS?rev=libuser-0.57