Back to search
CVE-2001-1169
Published: Mar 15, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20010902 S/Key keyinit(1) authentication (lack thereof) + sudo(1)
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now