CVE-2006-6682 - OpenCVE

Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Chetcpasswd Project	Chetcpasswd

Configuration 1 [-]

cpe:2.3:a:chetcpasswd_project:chetcpasswd:2.3.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454
http://marc.info/?l=bugtraq&m=116371297325564&w=2
http://secunia.com/advisories/22967
http://www.osvdb.org/30545
http://www.securityfocus.com/bid/21102
https://exchange.xforce.ibmcloud.com/vulnerabilities/30454

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-21T19:00:00

Updated: 2024-08-07T20:33:59.875Z

Reserved: 2006-12-21T00:00:00

Link: CVE-2006-6682

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2006-12-21T19:28:00.000

Modified: 2019-11-14T13:21:06.063

Link: CVE-2006-6682

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30545", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/30545"}, {"name": "chetcpasswd-error-message-enumeration(30454)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"}, {"name": "22967", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22967"}, {"name": "21102", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21102"}, {"name": "20061113 Chetcpasswd 2.x: multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30545", "refsource": "OSVDB", "url": "http://www.osvdb.org/30545"}, {"name": "chetcpasswd-error-message-enumeration(30454)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"}, {"name": "22967", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22967"}, {"name": "21102", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21102"}, {"name": "20061113 Chetcpasswd 2.x: multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:33:59.875Z"}, "title": "CVE Program Container", "references": [{"name": "30545", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/30545"}, {"name": "chetcpasswd-error-message-enumeration(30454)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"}, {"name": "22967", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22967"}, {"name": "21102", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21102"}, {"name": "20061113 Chetcpasswd 2.x: multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6682", "datePublished": "2006-12-21T19:00:00", "dateReserved": "2006-12-21T00:00:00", "dateUpdated": "2024-08-07T20:33:59.875Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chetcpasswd_project:chetcpasswd:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "170A9231-C1BB-42D6-A6AD-005A2DB63C52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system."}, {"lang": "es", "value": "Pedro Lineu Orso chetcpasswd 2.3.3 provee un mensaje de error diferente cuando una petici\u00f3n de un usuario v\u00e1lido falla en comparaci\u00f3n con el que devuelve con un usuario no v\u00e1lido, lo que permite a atacantes remotos determinar nombres de usuarios v\u00e1lidos del sistema."}], "id": "CVE-2006-6682", "lastModified": "2019-11-14T13:21:06.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-21T19:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/22967"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Permissions Required", "Third Party Advisory"], "url": "http://www.osvdb.org/30545"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/21102"}, {"source": "cve@mitre.org", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-388"}], "source": "nvd@nist.gov", "type": "Primary"}]}