Weak Password Hashing in Ubuntu System Tools by Canonical
CVE-2008-6792

Currently unrated

Key Information:

Vendor: Ubuntu
Status: Linux
Vendor: CVE Published:; 7 May 2009

What is CVE-2008-6792?

System-tools-backends prior to version 2.6.0-1ubuntu1.1 on Ubuntu 8.10 utilizes 3DES for password hashing, limiting password lengths to eight characters. This weakness increases the risk of brute-force attacks, enabling opportunistic attackers to potentially gain unauthorized access to user accounts through password guessing techniques.

References

http://osvdb.org/50037

vdb-entryx_refsource_OSVDB

https://launchpad.net/bugs/287134

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/50435

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2009
Vulnerability Reserved
May 7, 2009