CVE-2006-1283

high

Description

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25397

http://www.vupen.com/english/advisories/2006/1074

http://www.securityfocus.com/bid/17194

http://www.osvdb.org/24067

http://securitytracker.com/id?1015817

http://secunia.com/advisories/19347

Details

Source: Mitre, NVD

Published: 2006-03-23

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00053