High severityNVD Advisory· Published Mar 30, 2009· Updated Apr 23, 2026

CVE-2008-6549

Description

The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
moinPyPI	< 1.6.1	1.6.1

Affected products

Moinmo/Moinmoin
cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hg.moinmo.in/moin/1.6/rev/35ff7a9b1546nvdExploit
moinmo.in/SecurityFixesnvdVendor Advisory
github.com/advisories/GHSA-wjjc-m3fc-fcm8ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2008-6549ghsaADVISORY
github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2009-12.yamlghsaWEB
web.archive.org/web/20080410051007/http://moinmo.in/SecurityFixesghsaWEB
web.archive.org/web/20211206185024/http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546ghsaWEB
osvdb.org/48876nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000