CVE-2008-6792
CVE-2008-6792 is a medium-severity vulnerability in Ubuntu Linux with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-310.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 1% (62nd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-310
- Affected product: Ubuntu Linux
- Published:
- Last modified:
Description
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.
Frequently asked questions
- What is CVE-2008-6792?
- system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.
- How severe is CVE-2008-6792?
- CVE-2008-6792 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2008-6792 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (62nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2008-6792?
- CVE-2008-6792 affects Ubuntu Linux. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2008-6792?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2008-6792 published?
- CVE-2008-6792 was published on 2009-05-07 and last updated on 2026-06-16.
References
- http://osvdb.org/50037
- http://secunia.com/advisories/32566
- http://www.ubuntu.com/usn/usn-663-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50435
- https://launchpad.net/bugs/287134
Affected products (1)
- cpe:2.3:o:ubuntu:linux:8.10:*:*:*:*:*:*:*
More vulnerabilities in Ubuntu Linux
- CVE-2008-4306 — Critical (CVSS 9.3): Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape…
- CVE-2009-1601 — Medium (CVSS 6.8): The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership…
- CVE-2008-2285 — Medium (CVSS 5.0): The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain…
- CVE-2011-4613 — Medium (CVSS 4.6): The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user…
- CVE-2009-1573 — Medium (CVSS 4.6): xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie…
All CVEs affecting Ubuntu Linux →
Other CWE-310 (Cryptographic Issues) vulnerabilities
- CVE-2014-7878 — Critical (CVSS 10.0): The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived…
- CVE-2013-3712 — Critical (CVSS 10.0): SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has…
- CVE-2013-6952 — Critical (CVSS 10.0): The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote…
- CVE-2013-6838 — Critical (CVSS 10.0): An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000)…
- CVE-2013-0137 — Critical (CVSS 10.0): The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189…
- CVE-2011-5123 — Critical (CVSS 10.0): The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in…