CVE-2006-6682 - Vulnerability Details - OpenCVE

Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00849.

Key SSVC decision points have not yet been added.

Vendors	Products
Chetcpasswd Project	Chetcpasswd

Configuration 1 [-]

cpe:2.3:a:chetcpasswd_project:chetcpasswd:2.3.3:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2006-6665	Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454
http://marc.info/?l=bugtraq&m=116371297325564&w=2
http://secunia.com/advisories/22967
http://www.osvdb.org/30545
http://www.securityfocus.com/bid/21102
https://exchange.xforce.ibmcloud.com/vulnerabilities/30454

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-21T19:00:00

Updated: 2024-08-07T20:33:59.875Z

Reserved: 2006-12-21T00:00:00

Link: CVE-2006-6682

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-12-21T19:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-6682

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30545", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/30545"}, {"name": "chetcpasswd-error-message-enumeration(30454)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"}, {"name": "22967", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22967"}, {"name": "21102", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21102"}, {"name": "20061113 Chetcpasswd 2.x: multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30545", "refsource": "OSVDB", "url": "http://www.osvdb.org/30545"}, {"name": "chetcpasswd-error-message-enumeration(30454)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"}, {"name": "22967", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22967"}, {"name": "21102", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21102"}, {"name": "20061113 Chetcpasswd 2.x: multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:33:59.875Z"}, "title": "CVE Program Container", "references": [{"name": "30545", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/30545"}, {"name": "chetcpasswd-error-message-enumeration(30454)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"}, {"name": "22967", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22967"}, {"name": "21102", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21102"}, {"name": "20061113 Chetcpasswd 2.x: multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6682", "datePublished": "2006-12-21T19:00:00", "dateReserved": "2006-12-21T00:00:00", "dateUpdated": "2024-08-07T20:33:59.875Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chetcpasswd_project:chetcpasswd:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "170A9231-C1BB-42D6-A6AD-005A2DB63C52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system."}, {"lang": "es", "value": "Pedro Lineu Orso chetcpasswd 2.3.3 provee un mensaje de error diferente cuando una petici\u00f3n de un usuario v\u00e1lido falla en comparaci\u00f3n con el que devuelve con un usuario no v\u00e1lido, lo que permite a atacantes remotos determinar nombres de usuarios v\u00e1lidos del sistema."}], "id": "CVE-2006-6682", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-21T19:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/22967"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Permissions Required", "Third Party Advisory"], "url": "http://www.osvdb.org/30545"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/21102"}, {"source": "cve@mitre.org", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=116371297325564&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/22967"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Permissions Required", "Third Party Advisory"], "url": "http://www.osvdb.org/30545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/21102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30454"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-388"}], "source": "nvd@nist.gov", "type": "Primary"}]}