PT-2001-2249 · Sambar · Sambar Server

Published: 2001-07-25 · Updated: 2017-10-10 · CVE-2001-1106

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Sambar Server versions 5 and earlier

Description: The default configuration of the software uses a symmetric key compiled into the binary program for encrypting passwords. This could allow local users to break all user passwords by either cracking the key or modifying a copy of the program to call the decryption procedure.

Recommendations: For Sambar Server versions 5 and earlier, consider reconfiguring the password encryption to use a more secure method, such as generating unique keys for each user, to mitigate the risk of password compromise. As a temporary workaround, restrict local access to the server to minimize the risk of exploitation.
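The weakness described above, as an added illustration that is not Sambar's code: a reversible password store keyed by one program-wide constant next to the per-user, one-way scheme the recommendation calls for. The static key, the XOR keystream and the PBKDF2 parameters are constructed for the example and do not describe the actual Sambar implementation.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a key compiled into the server binary (assumption).
# Anyone who can copy the program can read it, so it is no secret locally.
COMPILED_IN_KEY = b"example-static-key-not-a-real-one"


def weak_encrypt(password: str) -> bytes:
    """Flawed pattern: reversible encryption under one program-wide key.
    A keystream derived from the static key is XORed over the password."""
    stream = hashlib.sha256(COMPILED_IN_KEY).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(password.encode()))


def weak_recover(stored: bytes) -> str:
    """Why it is weak: whoever holds the key (i.e. the binary) undoes every
    stored record with the same operation; no per-user secret is involved."""
    stream = hashlib.sha256(COMPILED_IN_KEY).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(stored)).decode()


def hardened_store(password: str) -> dict:
    """Mitigation in the spirit of the advisory: a unique random salt per user
    and a slow one-way derivation, so nothing in the program can reverse it."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"salt": salt, "hash": digest}


def hardened_verify(password: str, record: dict) -> bool:
    """Check a login attempt without ever recovering the stored password."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 200_000)
    return hmac.compare_digest(candidate, record["hash"])
```

Two users with the same password get identical records under the weak scheme and different ones under the hardened scheme, which is the detection signal a reviewer of a password store should look for.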
Related Identifiers

CVE-2001-1106

Affected Products

Sambar Server