CVE-2006-4021

The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://securityreason.com/securityalert/1396
http://www.scatterchat.com/advisories/2006-01_non_tech.html	Vendor Advisory URL Repurposed
http://www.scatterchat.com/advisories/2006-01_tech.html	Vendor Advisory URL Repurposed
http://www.securityfocus.com/archive/1/443038/100/100/threaded
http://www.securityfocus.com/bid/19485

Configurations

Configuration 1 (hide)

cpe:2.3:a:scatterchat:scatterchat:1.0.1:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(CONFIRM) http://www.scatterchat.com/advisories/2006-01_tech.html - Vendor Advisory~~	(CONFIRM) http://www.scatterchat.com/advisories/2006-01_tech.html - Vendor Advisory, URL Repurposed
References	~~(CONFIRM) http://www.scatterchat.com/advisories/2006-01_non_tech.html - Vendor Advisory~~	(CONFIRM) http://www.scatterchat.com/advisories/2006-01_non_tech.html - Vendor Advisory, URL Repurposed

Information

Published : 2006-08-17 21:04

Updated : 2024-02-28 10:42

NVD link : CVE-2006-4021

Mitre link : CVE-2006-4021

CVE.ORG link : CVE-2006-4021

JSON object : View

Products Affected

scatterchat

scatterchat

CWE

NVD-CWE-Other

{"id": "CVE-2006-4021", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-08-17T21:04:00.000", "references": [{"url": "http://securityreason.com/securityalert/1396", "source": "cve@mitre.org"}, {"url": "http://www.scatterchat.com/advisories/2006-01_non_tech.html", "tags": ["Vendor Advisory", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.scatterchat.com/advisories/2006-01_tech.html", "tags": ["Vendor Advisory", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/443038/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19485", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption."}, {"lang": "es", "value": "El m\u00f3dulo criptogr\u00e1fico en ScatterChat 1.0.x permite a atacantes identificar patrones en gran n\u00famero de mensajes mediante la identificaci\u00f3n de colisiones utilizando un \"ataque de cumplea\u00f1os\" (birthday attack) en el mecanismo de relleno espec\u00edfico para el modo ECB de cifrado."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:scatterchat:scatterchat:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "798E948D-3CF2-48DD-B490-13EC82F20D1C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability will be addressed in the following future product release:\r\nScatterChat, ScatterChat, 2.0"}