CVE-2006-4068
CVE-2006-4068 is a vulnerability of currently unknown severity. The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher. EPSS estimates a 2.68% chance of exploitation in the next 30 days.
Description
The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pswd.Js | Pswd.Js | All versions |
References
- http://www.securityfocus.com/archive/1/442120 (Exploit, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
