The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/bid/49772 | vdb-entry x_refsource_BID |
| http://code.google.com/p/cherokee/issues/detail?id=1212 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html | vendor-advisory x_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2011/06/03/4 | mailing-list x_refsource_MLIST |
| http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=713304 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/06/06/21 | mailing-list x_refsource_MLIST |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/bid/49772 | vdb-entry x_refsource_BID x_transferred |
| http://code.google.com/p/cherokee/issues/detail?id=1212 | x_refsource_CONFIRM x_transferred |
| http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html | vendor-advisory x_refsource_FEDORA x_transferred |
| http://www.openwall.com/lists/oss-security/2011/06/03/4 | mailing-list x_refsource_MLIST x_transferred |
| http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz | x_refsource_CONFIRM x_transferred |
| https://bugzilla.redhat.com/show_bug.cgi?id=713304 | x_refsource_CONFIRM x_transferred |
| http://www.openwall.com/lists/oss-security/2011/06/06/21 | mailing-list x_refsource_MLIST x_transferred |
The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |