Password Management Flaw in HP CIFS/9000 Server by HP
CVE-2001-0981

Currently unrated

Key Information:

Vendor: HP
Status: Cifs-9000 Server
Vendor: CVE Published:; 31 August 2001

Summary

The HP CIFS/9000 Server (version A.01.07 and earlier) presents a notable security concern due to a flaw in its password management feature. When the 'unix password sync' option is enabled, the server invokes the passwd program without specifying the username of the requesting user. This oversight can result in the server inadvertently changing the password of a different user, thereby compromising account security and user confidentiality.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7051

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/hp/2001-q3/0048.html

vendor-advisoryx_refsource_HP

Timeline

Vulnerability Reserved
Jan 31, 2002
Vulnerability published
Aug 31, 2001