Launchpad CVE tracker

CVE 2013-4440

Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

Related bugs and status

CVE-2013-4440 (Candidate) is related to these bugs:

Bug #638418: pwgen includes capital Os when generating non-ambiguous passwords

Summary				In	Importance	Status
	638418	pwgen includes capital Os when generating non-ambiguous passwords		pwgen (Ubuntu)	Medium	Fix Released
	638418	pwgen includes capital Os when generating non-ambiguous passwords		pwgen (Debian)	Unknown	Fix Released

Bug #1183213: pwgen falls back to insecure entropy silently

Summary				In	Importance	Status
	1183213	pwgen falls back to insecure entropy silently		pwgen (Ubuntu)	Undecided	Fix Released

Bug #1349863: pwgen does not not honour -B when output is a terminal

Summary				In	Importance	Status
	1349863	pwgen does not not honour -B when output is a terminal		pwgen (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-4440

References