CVE-2001-1106 Information

Description

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

Reference

http://www.securityfocus.com/archive/1/199418 http://www.securityfocus.com/bid/3095 https://exchange.xforce.ibmcloud.com/vulnerabilities/6909