CVE-2004-2394

Published: Dec 31, 2004Modified: Apr 16, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.

Affected (11)

Products: Mandrakesoft: Mandrake Multi Network Firewall, Mandrake Linux, Mandrake Linux Corporate Server

Mandrakesoft

3 products

Mandrake Multi Network Firewall

Mandrake Linux

Mandrake Linux Corporate Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mandrakesoft Mandrake Multi Network Firewall	Version 8.2

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 8.2
Mandrakesoft Mandrake Linux	Version 8.2
Mandrakesoft Mandrake Linux	Version 9.0
Mandrakesoft Mandrake Linux	Version 9.1
Mandrakesoft Mandrake Linux	Version 9.1
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1