Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2001-1497

Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.

Published

2001-12-31T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.1 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application microsoft ie 4.0 Yes
Application microsoft ie 4.0.1 Yes
Application microsoft ie 4.0.1 Yes
Application microsoft ie 4.1 Yes
Application microsoft ie 4.1 Yes
Application microsoft ie 4.1 Yes
Application microsoft internet_explorer 4.0 Yes
Application microsoft internet_explorer 4.0.1 Yes
Application microsoft internet_explorer 4.0.1 Yes
Application microsoft internet_explorer 5.5 Yes
Application microsoft internet_explorer 5.5 Yes
Application microsoft internet_explorer 5.5 Yes
Application microsoft internet_explorer 6.0 Yes
References