CVE-2006-1378
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/03/2006
Last modified:
03/04/2025
Description
PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack.
Impact
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:counterpane:password_safe:3.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://securityreason.com/securityalert/618
- http://www.securityfocus.com/archive/1/428552/100/0/threaded
- http://www.securityfocus.com/archive/1/445509/100/0/threaded
- http://www.securityfocus.com/bid/17200
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25429
- http://securityreason.com/securityalert/618
- http://www.securityfocus.com/archive/1/428552/100/0/threaded
- http://www.securityfocus.com/archive/1/445509/100/0/threaded
- http://www.securityfocus.com/bid/17200
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25429