Skip to main content

Enterprise Mrg CVE-2013-6445

MEDIUM
Cryptographic Issues (CWE-310)
2014-04-30 secalert@redhat.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 30, 2014 - 14:22 cve.org
MEDIUM 5.0

DescriptionCVE.org

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.

AnalysisAI

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-310. Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack. Affected products include: Redhat Enterprise Mrg.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-1892 MEDIUM POC
6.0 Oct 01

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMo

CVE-2014-3673 HIGH POC
7.5 Nov 10

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system

CVE-2014-3687 HIGH POC
7.5 Nov 10

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through

CVE-2020-10757 HIGH POC
7.8 Jun 09

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. Rated high seve

CVE-2016-3699 HIGH POC
7.4 Oct 07

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure

CVE-2013-3301 HIGH POC
7.2 Apr 29

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer

CVE-2012-2734 MEDIUM POC
6.8 Sep 28

Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messa

CVE-2019-3459 MEDIUM POC
6.5 Apr 11

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Rated

CVE-2013-1773 MEDIUM POC
6.2 Feb 28

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileg

CVE-2012-2681 MEDIUM POC
5.8 Sep 28

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random nu

CVE-2015-1350 MEDIUM POC
5.5 May 02

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that undersp

CVE-2020-12826 MEDIUM POC
5.3 May 12

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severi

Share

CVE-2013-6445 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy