CVE-2013-4441 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Vendor	Product	Version
pwgen_project	pwgen	2.06

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pwgen

sid	unimportant
trixie	unimportant
bookworm	unimportant
bullseye	unimportant

Ubuntu Releases

Ubuntu Product

Codename

pwgen

utopic	ignored
trusty	dne
saucy	ignored
raring	ignored
quantal	ignored
precise	ignored
lucid	ignored

Common Weakness Enumeration

CWE-307 - Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References

http://www.openwall.com/lists/oss-security/2013/06/06/1

http://www.openwall.com/lists/oss-security/2013/10/16/15

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726578

https://www.openwall.com/lists/oss-security/2012/01/22/6

http://www.openwall.com/lists/oss-security/2013/06/06/1

http://www.openwall.com/lists/oss-security/2013/10/16/15

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726578

https://www.openwall.com/lists/oss-security/2012/01/22/6