| |
Vulnerability CVE-1999-1073
Published: 1998-11-30 Modified: 2012-02-12
| Description: |
Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack. |
CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.2/10 |
10/10 |
3.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Local |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
http://marc.info/?l=bugtraq&m=91248445931140&w=2
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
