CVE-2006-1058
First published: Tue Apr 04 2006(Updated: )
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BusyBox | =1.1.1 | |
| Avaya Aura Application Enablement Services | =4.01 | |
| Avaya Aura Application Enablement Services | =4.1 | |
| Avaya Aura SIP Enablement Services | <5.0 | |
| Avaya Message Networking | ||
| Avaya Modular Messaging Message Storage Server | >=3.0<4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.busybox.net/view.php?id=604
- http://www.securityfocus.com/bid/17330
- http://secunia.com/advisories/19477
- http://www.redhat.com/support/errata/RHSA-2007-0244.html
- http://secunia.com/advisories/25098
- http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm
- http://secunia.com/advisories/25848
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25569
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483
Frequently Asked Questions
What is the severity of CVE-2006-1058?
CVE-2006-1058 is considered a high severity vulnerability due to the lack of password salting, making it easier for attackers to exploit stolen password files.
How do I fix CVE-2006-1058?
To fix CVE-2006-1058, upgrade to a version of BusyBox that includes salt in password generation or implement an external solution that mitigates password cracking.
Who is affected by CVE-2006-1058?
CVE-2006-1058 affects systems running BusyBox version 1.1.1 and certain Avaya products that utilize BusyBox for password management.
What are the risks associated with CVE-2006-1058?
The risks associated with CVE-2006-1058 include unauthorized access to systems and data as attackers can easily crack unsalted passwords.
How can I mitigate the impact of CVE-2006-1058?
To mitigate the impact of CVE-2006-1058, consider using stronger password policies, multi-factor authentication, and regularly auditing password strength.
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/busybox
- canonical/busybox
- version/busybox/1.1.1
- vendor/avaya
- canonical/avaya aura application enablement services
- version/avaya aura application enablement services/4.01
- version/avaya aura application enablement services/4.1
- canonical/avaya aura sip enablement services
- canonical/avaya message networking
- canonical/avaya modular messaging message storage server
- version/avaya modular messaging message storage server/3.0