Overview
Mkpasswd generates passwords that are insufficiently random.
Description
Mkpasswd is a password generation utility included with Red Hat Linux and possibly other Linux distributions. Mkpasswd generates passwords that are not sufficiently random, which may allow an attacker to predict passwords and consequently gain unauthorized access to other accounts on the system. This vulnerability occurs because mkpasswd uses the current process ID as the seed for the random number generator. Because of this, the number of passwords is limited to the size of the process table on the operating system. |
Impact
An attacker may be able to predict passwords and consequently gain unauthorized access to other accounts on the system. |
Solution
Apply a patch from your vendor. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported by Shez
This document was written by Ian A. Finlay.
Other Information
| CVE IDs: | None |
| Severity Metric: | 7.03 |
| Date Public: | 2001-04-11 |
| Date First Published: | 2003-04-02 |
| Date Last Updated: | 2003-04-11 12:39 UTC |
| Document Revision: | 19 |