Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
At 11:05 AM -0700 7/16/99, Aleph One wrote:
>If we follow the logic we did during our meeting at Black Hats
>then each distinct non-announced account/password should be a
>separate CVE entry. If I am using a scanner I want to know whether
>it knows about the specific 3com backdoor, not whether its knowns
>about backdoors in some general sense. Ditto for default passwords.
How about a single CVE entry that explicitely enumerates all default or
non-announced accounts/passwords with version numbers of the affected
software, or points to a comprehensive list of them? I would think it is a
compact notation completely equivalent to having separate entries.