CVE DATABASE / CVE-2006-1058
CVE-2006-1058
CVSS 5.5 · MEDIUM
Summary
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
CVSS 3.1 breakdown
| Base score | 5.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
Busybox busyboxAvaya aura application enablement servicesAvaya aura sip enablement servicesAvaya message networkingAvaya messaging storage server
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://bugs.busybox.net/view.php?id=604
- http://secunia.com/advisories/19477
- http://secunia.com/advisories/25098
- http://secunia.com/advisories/25848
- http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm
- http://www.redhat.com/support/errata/RHSA-2007-0244.html
- http://www.securityfocus.com/bid/17330
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25569
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.