Vulnerability Details CVE-2001-1497
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.7%
CVSS Severity
CVSS v2 Score 2.1
References
- http://www.iss.net/security_center/static/7592.php
- http://www.securityfocus.com/archive/1/241323
- http://www.securityfocus.com/archive/1/241400
- http://www.securityfocus.com/bid/3563
- http://www.iss.net/security_center/static/7592.php
- http://www.securityfocus.com/archive/1/241323
- http://www.securityfocus.com/archive/1/241400
- http://www.securityfocus.com/bid/3563
Products affected by CVE-2001-1497
-
cpe:2.3:a:microsoft:ie:4.0
-
cpe:2.3:a:microsoft:ie:4.0.1
-
cpe:2.3:a:microsoft:ie:4.1
-
cpe:2.3:a:microsoft:internet_explorer:4.0
-
cpe:2.3:a:microsoft:internet_explorer:4.0.1
-
cpe:2.3:a:microsoft:internet_explorer:5.5
-
cpe:2.3:a:microsoft:internet_explorer:6.0