Vulnerability Note VU#178560
Dallas Semiconductor iButton DS1991 vulnerable to dictionary attack
The Dallas Semiconductor iButton DS1991 is vulnerable to a dictionary attack, allowing an intruder to recover passwords.
The Dallas Semiconductor iButton DS1911 stores 1 kilobyte of data in 3 separate password-protected areas. It includes functionality intended to prevent passwords guessing, but is vulnerable to dictionary attacks. For more information, see the advisory published by @stake Research Labs, available at
Intruders can use a dictionary attack to recover passwords.
Use passwords not found in any dictionary of any language, rewrite your application, or upgrade to the DS1963S.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Dallas Semiconductor||Affected||-||06 May 2001|
CVSS Metrics (Learn More)
Our thanks to @stake Research Labs for the information contained in their advisory.
This document was written by Shawn V. Hernan.
- CVE IDs: Unknown
- Date Public: 18 Jan 2001
- Date First Published: 06 May 2001
- Date Last Updated: 21 Jun 2001
- Severity Metric: 8.73
- Document Revision: 8
If you have feedback, comments, or additional information about this vulnerability, please send us email.