CVE-2006-0584

Name of the Vulnerable Software and Affected Versions PeopleSoft People Tools versions 8.4x

Description The issue concerns the PSCipher function, which uses PKCS #5 with a fixed DES key for storing user passwords. This makes it easier for local users to guess passwords via a dictionary attack by comparing output strings.

Recommendations For PeopleSoft People Tools versions 8.4x, consider updating the password storage mechanism to use a more secure encryption method. As a temporary workaround, restrict access to sensitive areas of the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.