Overview
The Dallas Semiconductor iButton DS1991 is vulnerable to a dictionary attack, allowing an intruder to recover passwords.
Description
The Dallas Semiconductor iButton DS1911 stores 1 kilobyte of data in 3 separate password-protected areas. It includes functionality intended to prevent passwords guessing, but is vulnerable to dictionary attacks. For more information, see the advisory published by @stake Research Labs, available at http://www.atstake.com/research/advisories/2001/a011801-1.txt |
Impact
Intruders can use a dictionary attack to recover passwords. |
Solution
Use passwords not found in any dictionary of any language, rewrite your application, or upgrade to the DS1963S. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Our thanks to @stake Research Labs for the information contained in their advisory.
This document was written by Shawn V. Hernan.
Other Information
| CVE IDs: | None |
| Severity Metric: | 8.73 |
| Date Public: | 2001-01-18 |
| Date First Published: | 2001-05-06 |
| Date Last Updated: | 2001-06-21 04:26 UTC |
| Document Revision: | 8 |