[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CONTENT DECISION: Content Decisions for "Password Selection" problems



At 11:05 AM -0700 7/16/99, Aleph One wrote:

>If we follow the logic we did during our meeting at Black Hats
>then each distinct non-announced account/password should be a
>separate CVE entry. If I am using a scanner I want to know whether
>it knows about the specific 3com backdoor, not whether its knowns
>about backdoors in some general sense. Ditto for default passwords.
>

How about a single CVE entry that explicitely enumerates all default or
non-announced accounts/passwords with version numbers of the affected
software, or points to a comprehensive list of them?  I would think it is a
compact notation completely equivalent to having separate entries.
Pascal

Page Last Updated or Reviewed: May 22, 2007