CyberSec.Space Logo
Back to CVE Browser

CVE-2001-1106

HIGH
7.5
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile17.63th
PublishedJul 25, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

Affected Platforms (CPE)

πŸ“¦
Sambar

Sambar Server

= 4.1
πŸ“¦
Sambar

Sambar Server

= 4.2.1_production
πŸ“¦
Sambar

Sambar Server

= 4.3
πŸ“¦
Sambar

Sambar Server

= 4.4
πŸ“¦
Sambar

Sambar Server

= 5.0
πŸ“¦
Sambar

Sambar Server

= 5.0
πŸ“¦
Sambar

Sambar Server

= 5.0
πŸ“¦
Sambar

Sambar Server

= 5.0
πŸ“¦
Sambar

Sambar Server

= 5.0

References & Advisories

πŸ”— http://www.securityfocus.com/archive/1/199418
πŸ”— http://www.securityfocus.com/bid/3095
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/6909
πŸ”— http://www.securityfocus.com/archive/1/199418
πŸ”— http://www.securityfocus.com/bid/3095
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/6909

Related Vulnerabilities

CVE-2000-050910.0

Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary co...

CVE-2002-01287.5

cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrar...

CVE-1999-15237.5

Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary co...

CVE-2003-12867.5

HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to sen...