[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-2483Date: (C)2011-08-25   (M)2024-04-24


crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-49241
APPLE-SA-2012-02-01-1
DSA-2340
DSA-2399
MDVSA-2011:165
MDVSA-2011:178
MDVSA-2011:179
MDVSA-2011:180
RHSA-2011:1377
RHSA-2011:1378
RHSA-2011:1423
SUSE-SA:2011:035
USN-1229-1
http://freshmeat.net/projects/crypt_blowfish
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://php.net/security/crypt_blowfish
http://support.apple.com/kb/HT5130
http://www.openwall.com/crypt/
http://www.php.net/ChangeLog-5.php#5.3.7
http://www.php.net/archive/2011.php#id2011-08-18-1
http://www.postgresql.org/docs/8.4/static/release-8-4-9.html
php-cryptblowfish-info-disclosure(69319)

CWE    1
CWE-310
OVAL    32
oval:org.secpod.oval:def:600718
oval:org.secpod.oval:def:600719
oval:org.secpod.oval:def:1601237
oval:org.secpod.oval:def:201561
...

© SecPod Technologies