CVE-2001-1467

Published: Apr 11, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.

Affected (1)

Products: Don Libes: Expect

Don Libes

1 product

Expect

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Don Libes Expect	Version 5.2.8

References (12)

http://archives.neohapsis.com/archives/bugtraq/2001-04/0173.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2001-04/0192.html

Source: cve@mitre.org

http://securitytracker.com/id?1001303

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/527736

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/bid/2632

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/6382

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2001-04/0173.html