Vulnerability Details : CVE-2011-0002
Potential exploit
libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
Products affected by CVE-2011-0002
- cpe:2.3:a:miloslav_trmac:libuser:*:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.17:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.10:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.9:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.1:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.54.3:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.54.2:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.53.4:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.53.3:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.52.2:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.52.1:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.7-7:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.7-3:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.1-1:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.98:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.97:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.32:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.31:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.25:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.24-4:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.24-3:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.16:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.15:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.8:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.7:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.55:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.54.8:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.54.1:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.54:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.53.2:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.53.1:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.52:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.12:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.7:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.6:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.50.2:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.50:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.102:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.96:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.95:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.30:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.29:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.21:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.12:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.11:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.4:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.3:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.2:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.54.5:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.54.4:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.53.6:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.53.5:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.52.4:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.52.3:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.9:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.8:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.2:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.1-2:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.100:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.99:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.91:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.90:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.26:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.25.1:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.14:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.13:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.6:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.56.5:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.54.7:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.54.6:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.53.8:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.53.7:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.53:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.52.6:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.52.5:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.11:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.10:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.5:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.51.4:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.101-2:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.101-1:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.93:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.49.92:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.28:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.27:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.18:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:miloslav_trmac:libuser:0.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0002
0.89%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0002
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
CWE ids for CVE-2011-0002
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0002
-
http://www.securityfocus.com/bid/45791
libuser 'luseradd' Default Password Security Bypass Vulnerability
-
http://www.vupen.com/english/advisories/2011/0184
Webmail | OVH- OVHVendor Advisory
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
-
http://www.redhat.com/support/errata/RHSA-2011-0170.html
Support
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053365.html
[SECURITY] Fedora 14 Update: libuser-0.56.18-3.fc14
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:019
mandriva.com
-
https://bugzilla.redhat.com/show_bug.cgi?id=643227
643227 – (CVE-2011-0002) CVE-2011-0002 libuser creates LDAP users with a default passwordExploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64677
libuser password security bypass CVE-2011-0002 Vulnerability Report
-
https://fedorahosted.org/libuser/browser/NEWS?rev=libuser-0.57
Infrastructure/Fedorahosted-retirement - Fedora Project Wiki
-
http://www.vupen.com/english/advisories/2011/0226
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2011/0201
Webmail | OVH- OVH
-
http://securitytracker.com/id?1024960
Libuser LDAP Account Creation Default Password May Let Users Bypass Security Controls - SecurityTracker
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053378.html
[SECURITY] Fedora 13 Update: libuser-0.56.16-1.fc13.2
Jump to