[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PROPOSAL: Cluster 18 - PASS (14 candidates)



The following cluster highlights a number of the CF content decisions
that I mentioned in earlier emails.  This list is not comprehensive
with respect to all password selection problems, but it reflects what
I've seen in the security tools I've examined.

PASS (14 candidates) --> Configuration problems related to passwords
Scheduled Proposed: 7/6
Scheduled Interim Decision: 7/26
Scheduled Final Decision: 7/30

- Steve



Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ".  If you
want to add comments or details, add them to lines after the VOTE: line.


=================================
Candidate: CAN-1999-0501
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

A Unix account has a guessable password.

VOTE:

=================================
Candidate: CAN-1999-0502
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

A Unix account has a default, null, blank, or missing password.

VOTE:

=================================
Candidate: CAN-1999-0503
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

A Windows NT local user or administrator account has a guessable
password.

VOTE:

=================================
Candidate: CAN-1999-0504
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

A Windows NT local user or administrator account has a default, null,
blank, or missing password.

VOTE:

=================================
Candidate: CAN-1999-0505
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

A Windows NT domain user or administrator account has a guessable
password.

VOTE:

=================================
Candidate: CAN-1999-0506
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

A Windows NT domain user or administrator account has a default, null,
blank, or missing password.

VOTE:

=================================
Candidate: CAN-1999-0507
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

An account on a router, firewall, or other network device has a guessable
password.

VOTE:

=================================
Candidate: CAN-1999-0508
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

An account on a router, firewall, or other network device has a
default, null, blank, or missing password.

VOTE:

=================================
Candidate: CAN-1999-0516
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

An SNMP community name is guessable.

VOTE:

=================================
Candidate: CAN-1999-0517
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

An SNMP community name is the default (e.g. public), null, or
missing.

VOTE:

=================================
Candidate: CAN-1999-0518
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

A NETBIOS/SMB share password is guessable.

VOTE:

=================================
Candidate: CAN-1999-0519
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

A NETBIOS/SMB share password is the default, null, or missing.

VOTE:

=================================
Candidate: CAN-1999-0521
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

An NIS domain name is easily guessable.

VOTE:

=================================
Candidate: CAN-1999-0541
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990714
Assigned: 19990607
Category: CF

A password for accessing a WWW URL is guessable.

VOTE:

Page Last Updated or Reviewed: May 22, 2007