CVE-2001-1497 - Vulnerability Details - OpenCVE

Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Ie Internet Explorer

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:ie:4.0::windows_nt:::::
	cpe:2.3:a:microsoft:ie:4.0.1::windows_98:::::
	cpe:2.3:a:microsoft:ie:4.0.1::windows_nt:::::
	cpe:2.3:a:microsoft:ie:4.1::windows_95:::::
	cpe:2.3:a:microsoft:ie:4.1::windows_98:::::
	cpe:2.3:a:microsoft:ie:4.1::windows_nt_4.0:::::
	cpe:2.3:a:microsoft:internet_explorer:4.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.0.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

No data.

References

Link	Providers
http://www.iss.net/security_center/static/7592.php
http://www.securityfocus.com/archive/1/241323
http://www.securityfocus.com/archive/1/241400
http://www.securityfocus.com/bid/3563

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-06-21T04:00:00

Updated: 2024-08-08T04:58:11.581Z

Reserved: 2005-06-21T00:00:00

Link: CVE-2001-1497

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2001-12-31T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2001-1497

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-11-21T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-07-06T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3563", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3563"}, {"name": "20011120 Re: MS IE Password inputs", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/241400"}, {"name": "20011121 MS IE Password inputs", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/241323"}, {"name": "ie-password-character-information(7592)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7592.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1497", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3563", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3563"}, {"name": "20011120 Re: MS IE Password inputs", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/241400"}, {"name": "20011121 MS IE Password inputs", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/241323"}, {"name": "ie-password-character-information(7592)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7592.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:58:11.581Z"}, "title": "CVE Program Container", "references": [{"name": "3563", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3563"}, {"name": "20011120 Re: MS IE Password inputs", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/241400"}, {"name": "20011121 MS IE Password inputs", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/241323"}, {"name": "ie-password-character-information(7592)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/7592.php"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1497", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T04:58:11.581Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "ACC3A8B3-4E8C-46BD-965C-4EF655B9018D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:4.0.1:*:windows_nt:*:*:*:*:*", "matchCriteriaId": "F7739338-DAE1-403F-B22C-2CFAC884E09A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*", "matchCriteriaId": "D45C47A8-8B5F-4A49-8B36-FCBA09029375", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_98:*:*:*:*:*", "matchCriteriaId": "0CFF1B46-BEDD-4D96-90EA-EE4376AFCAF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*", "matchCriteriaId": "84730D4D-7887-4A64-8C76-F50C85309FE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "C375A9AA-505B-444C-A45F-2BAAD0B2CD0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack."}], "id": "CVE-2001-1497", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/7592.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/241323"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/241400"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3563"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/7592.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/241323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/241400"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3563"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}