CVE: CVE-2006-1058

Export to Word

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.00045
Percentile: 0.13507

CVSS Scoring

CVSS v3.1 Score: 5.5

Severity: MEDIUM

Mapped CWE(s)

CWE-916 : Use of Password Hash With Insufficient Computational Effort

All CAPEC(s)

CAPEC-55: Rainbow Table Password Cracking

CAPEC(s) with Mapped TTPs

CAPEC-55: Rainbow Table Password Cracking
Mapped TTPs:
- T1110.002 : Password Cracking

Mapped ATT&CK TTPs

T1110.002 : Password Cracking
Kill Chain: credential-access

Malware

Net Crawler

APTs Threat Group Associations

Campaigns

Night Dragon

Affected Products

cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_enablement_services:4.01:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_enablement_services:4.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_sip_enablement_services:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:messaging_storage_server:*:*:*:*:*:*:*:*

← Back to Home