|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] PROPOSAL: Cluster 18 - PASS (14 candidates)
The following cluster highlights a number of the CF content decisions that I mentioned in earlier emails. This list is not comprehensive with respect to all password selection problems, but it reflects what I've seen in the security tools I've examined. PASS (14 candidates) --> Configuration problems related to passwords Scheduled Proposed: 7/6 Scheduled Interim Decision: 7/26 Scheduled Final Decision: 7/30 - Steve Summary of votes to use (in ascending order of "severity"): ACCEPT - member accepts the candidate as proposed NOOP - member has no opinion on the candidate MODIFY - member wants to change some minor detail (e.g. reference/description) REVIEWING - member is reviewing/researching the candidate RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. ================================= Candidate: CAN-1999-0501 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF A Unix account has a guessable password. VOTE: ================================= Candidate: CAN-1999-0502 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF A Unix account has a default, null, blank, or missing password. VOTE: ================================= Candidate: CAN-1999-0503 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF A Windows NT local user or administrator account has a guessable password. VOTE: ================================= Candidate: CAN-1999-0504 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF A Windows NT local user or administrator account has a default, null, blank, or missing password. VOTE: ================================= Candidate: CAN-1999-0505 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF A Windows NT domain user or administrator account has a guessable password. VOTE: ================================= Candidate: CAN-1999-0506 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF A Windows NT domain user or administrator account has a default, null, blank, or missing password. VOTE: ================================= Candidate: CAN-1999-0507 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF An account on a router, firewall, or other network device has a guessable password. VOTE: ================================= Candidate: CAN-1999-0508 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF An account on a router, firewall, or other network device has a default, null, blank, or missing password. VOTE: ================================= Candidate: CAN-1999-0516 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF An SNMP community name is guessable. VOTE: ================================= Candidate: CAN-1999-0517 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF An SNMP community name is the default (e.g. public), null, or missing. VOTE: ================================= Candidate: CAN-1999-0518 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF A NETBIOS/SMB share password is guessable. VOTE: ================================= Candidate: CAN-1999-0519 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF A NETBIOS/SMB share password is the default, null, or missing. VOTE: ================================= Candidate: CAN-1999-0521 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF An NIS domain name is easily guessable. VOTE: ================================= Candidate: CAN-1999-0541 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990714 Assigned: 19990607 Category: CF A password for accessing a WWW URL is guessable. VOTE:
|
||||
