[ Date Prev ][ Date Next ][ Thread Prev ][ Thread Next ][ Date Index ][ Thread Index ]

Re: CONTENT DECISION: Content Decisions for "Password Selection" problems

To : cve-editorial-board-list@lists.mitre.org
Subject : Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
From : Pascal Meunier < pascalm@cup.hp.com >
Date : Sun, 18 Jul 1999 17:20:47 -0800
In-Reply-To : < 19990716110548.A103@underground.org >
References : < 199907161652.MAA14422@basie.mitre.org >; from Steven M. Christey on Fri, Jul 16, 1999 at 12:52:30PM -0400 < 199907161652.MAA14422@basie.mitre.org >
Sender : owner-cve-editorial-board-list@lists.mitre.org

At 11:05 AM -0700 7/16/99, Aleph One wrote:

>If we follow the logic we did during our meeting at Black Hats
>then each distinct non-announced account/password should be a
>separate CVE entry. If I am using a scanner I want to know whether
>it knows about the specific 3com backdoor, not whether its knowns
>about backdoors in some general sense. Ditto for default passwords.
>

How about a single CVE entry that explicitely enumerates all default or
non-announced accounts/passwords with version numbers of the affected
software, or points to a comprehensive list of them?  I would think it is a
compact notation completely equivalent to having separate entries.
Pascal

Follow-Ups :
- Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
  - From: Adam Shostack <adam@NETECT.COM>

References :
- Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
  - From: "Steven M. Christey" <coley@linus.mitre.org>
- Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
  - From: Aleph One <aleph1@underground.org>

Prev by Date: Exploding CVE entries
Next by Date: Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
Prev by thread: Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
Next by thread: Re: CONTENT DECISION: Content Decisions for "Password Selection" problems
Index(es):
- Date
- Thread

Page Last Updated or Reviewed: May 22, 2007

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE^™ List and the associated references from this website are subject to the terms of use . CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2021, The MITRE Corporation . CVE is a registered trademark and the CVE logo is a trademark of The MITRE Corporation.