CVE

CVE-2006-0591
Date: (C)2006-02-07   (M)2023-12-22


The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-style MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 1.2
Exploit Score: 1.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-18772
http://www.securityfocus.com/archive/1/424260/100/0/threaded
20060602-01-U
SECUNIA-20232
SECUNIA-20653
SECUNIA-20782
OSVDB-23005
ADV-2006-0477
RHSA-2006:0526
cryptblowfish-salt-information-disclosure(24590)
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_blowfish/crypt_gensalt.c?only_with_tag=CRYPT_BLOWFISH_1_0
http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm
oval:org.mitre.oval:def:11502

CWE    1
CWE-310

© SecPod Technologies