CVE-2011-0002
EPSS 2.3%
Description
libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
How to fix CVE-2011-0002
To remediate CVE-2011-0002, upgrade the affected package to the fixed version listed below.
- Debian/libuser: upgrade to 1:0.56.9.dfsg.1-1.1 or later
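An added audit example (not part of this advisory or of libuser): it scans an LDIF export of the directory for entries whose userPassword is exactly one of the two cleartext values named in the description, in plain or base64 form. The function name, the assumption that the export includes userPassword, and the sample entries are constructed for illustration.

```python
import base64
import re

# The two cleartext values named in the CVE description.
PLACEHOLDERS = {b"!!", b"x"}

def find_placeholder_passwords(ldif_text):
    """Return DNs of entries whose userPassword is exactly "!!" or "x"."""
    flagged, dn = [], None
    # LDIF folds long lines: a newline followed by one space continues the line.
    for line in re.sub(r"\r?\n ", "", ldif_text).splitlines():
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            dn = dn if line.strip() else None  # a blank line ends the entry
            continue
        if rest.startswith(":"):  # "attr:: <base64>" form
            try:
                value = base64.b64decode(rest[1:].strip(), validate=True)
            except ValueError:
                continue
        else:
            value = rest.lstrip(" ").encode("utf-8")
        attr = attr.split(";")[0].lower()  # ignore attribute options
        if attr == "dn":
            dn = value.decode("utf-8", "replace")
        elif attr == "userpassword" and value in PLACEHOLDERS and dn and dn not in flagged:
            flagged.append(dn)
    return flagged

# Constructed sample export (hypothetical directory, not from the advisory).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
userPassword: {SSHA}Q29uc3RydWN0ZWRTYW1wbGVPbmx5

dn: uid=bob,ou=People,dc=example,dc=org
userPassword: !!

dn: uid=carol,ou=People,
 dc=example,dc=org
userPassword:: eA==

dn: uid=dave,ou=People,dc=example,dc=org
userPassword: {crypt}!!
"""

if __name__ == "__main__":
    for entry in find_placeholder_passwords(SAMPLE_LDIF):
        print("cleartext placeholder password:", entry)
```

Only the bare strings are matched; a scheme-prefixed value such as `{crypt}!!` is not reported.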
Is CVE-2011-0002 being exploited?
Low — EPSS is 2.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/libuser: from 0, < 1:0.56.9.dfsg.1-1.1