search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

mkpasswd uses weak random number generator

Vulnerability Note VU#527736

Original Release Date: 2003-04-02 | Last Revised: 2003-04-11

Overview

Mkpasswd generates passwords that are insufficiently random.

Description

Mkpasswd is a password generation utility included with Red Hat Linux and possibly other Linux distributions. Mkpasswd generates passwords that are not sufficiently random, which may allow an attacker to predict passwords and consequently gain unauthorized access to other accounts on the system. This vulnerability occurs because mkpasswd uses the current process ID as the seed for the random number generator. Because of this, the number of passwords is limited to the size of the process table on the operating system.

Impact

An attacker may be able to predict passwords and consequently gain unauthorized access to other accounts on the system.

Solution

Apply a patch from your vendor.

Vendor Information

527736
 
Expand all

Red Hat Inc. Affected

Updated:  April 02, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Red Hat has fixed this problem. For details, please see Bugzilla Bug 9507.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer Inc. Not Affected

Updated:  April 03, 2003

Status

Not Affected

Vendor Statement

mkpasswd is not shipped with Mac OS X.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Foundry Networks Inc. Not Affected

Updated:  April 04, 2003

Status

Not Affected

Vendor Statement

Foundry Networks do not use the mkpasswd utility in any of its products. Foundry products are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu Not Affected

Updated:  April 10, 2003

Status

Not Affected

Vendor Statement

Fujitsu's UXP/V o.s. is not affected by the problem in VU#527736.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company Not Affected

Updated:  April 03, 2003

Status

Not Affected

Vendor Statement

SOURCE:
Hewlett-Packard Company
HP Services
Software Security Response Team

Update 01

x-ref: SSRT3532

Hewlett Packard has investigated this report and find that:

HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi Not Affected

Updated:  April 11, 2003

Status

Not Affected

Vendor Statement

Hitachi's HI-UX/WE2 is NOT vulnerable, because it does not have mkpasswd.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by Shez .

This document was written by Ian A. Finlay.

Other Information

CVE IDs: None
Severity Metric: 7.03
Date Public: 2001-04-11
Date First Published: 2003-04-02
Date Last Updated: 2003-04-11 12:39 UTC
Document Revision: 19

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis