|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
At 11:05 AM -0700 7/16/99, Aleph One wrote: >If we follow the logic we did during our meeting at Black Hats >then each distinct non-announced account/password should be a >separate CVE entry. If I am using a scanner I want to know whether >it knows about the specific 3com backdoor, not whether its knowns >about backdoors in some general sense. Ditto for default passwords. > How about a single CVE entry that explicitely enumerates all default or non-announced accounts/passwords with version numbers of the affected software, or points to a comprehensive list of them? I would think it is a compact notation completely equivalent to having separate entries. Pascal
|
||||
