CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-1378

PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.4%

CVSS Severity

CVSS v2 Score 4.9

References

http://securityreason.com/securityalert/618
http://www.securityfocus.com/archive/1/428552/100/0/threaded
http://www.securityfocus.com/archive/1/445509/100/0/threaded
http://www.securityfocus.com/bid/17200
https://exchange.xforce.ibmcloud.com/vulnerabilities/25429
http://securityreason.com/securityalert/618
http://www.securityfocus.com/archive/1/428552/100/0/threaded
http://www.securityfocus.com/archive/1/445509/100/0/threaded
http://www.securityfocus.com/bid/17200
https://exchange.xforce.ibmcloud.com/vulnerabilities/25429

Products affected by CVE-2006-1378

Counterpane » Password Safe » Version: 3.0

cpe:2.3:a:counterpane:password_safe:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1378

Products

Pricing

Contact Us