Weak Password Encryption in Knox Arkeia Server 4.2

Weak Password Encryption in Knox Arkeia Server 4.2

CVE-2001-0967 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.

Learn more about our Cis Benchmark Audit For Server Software.