Re: CONTENT DECISION: Content Decisions for "Password Selection" problems

• To: cve-editorial-board-list@lists.mitre.org
• Subject: Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
• From: Pascal Meunier <pascalm@cup.hp.com>
• Date: Sun, 18 Jul 1999 17:20:47 -0800
• In-Reply-To: <19990716110548.A103@underground.org>
• References: <199907161652.MAA14422@basie.mitre.org>; from Steven M. Christey on Fri, Jul 16, 1999 at 12:52:30PM -0400 <199907161652.MAA14422@basie.mitre.org>
• Sender: owner-cve-editorial-board-list@lists.mitre.org

At 11:05 AM -0700 7/16/99, Aleph One wrote:

>If we follow the logic we did during our meeting at Black Hats
>then each distinct non-announced account/password should be a
>separate CVE entry. If I am using a scanner I want to know whether
>it knows about the specific 3com backdoor, not whether its knowns
>about backdoors in some general sense. Ditto for default passwords.
>

How about a single CVE entry that explicitely enumerates all default or
non-announced accounts/passwords with version numbers of the affected
software, or points to a comprehensive list of them?  I would think it is a
compact notation completely equivalent to having separate entries.
Pascal

• Follow-Ups:
  • Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
    • From: Adam Shostack <adam@NETECT.COM>

• References:
  • Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
    • From: "Steven M. Christey" <coley@linus.mitre.org>
  • Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
    • From: Aleph One <aleph1@underground.org>

• Prev by Date: Exploding CVE entries
• Next by Date: Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
• Prev by thread: Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
• Next by thread: Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
• Index(es):
  • Date
  • Thread