[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-2143Date: (C)2012-07-05   (M)2024-03-22


The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1026995
SECUNIA-49304
SECUNIA-50718
APPLE-SA-2012-09-19-2
DSA-2491
FEDORA-2012-8893
FEDORA-2012-8915
FEDORA-2012-8924
FreeBSD-SA-12:02
MDVSA-2012:092
RHSA-2012:1037
SUSE-SU-2012:0840
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34
http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://support.apple.com/kb/HT5501
http://www.postgresql.org/docs/8.3/static/release-8-3-19.html
http://www.postgresql.org/docs/8.4/static/release-8-4-12.html
http://www.postgresql.org/docs/9.0/static/release-9-0-8.html
http://www.postgresql.org/docs/9.1/static/release-9-1-4.html
http://www.postgresql.org/support/security/
https://bugzilla.redhat.com/show_bug.cgi?id=816956
openSUSE-SU-2012:1251
openSUSE-SU-2012:1288
openSUSE-SU-2012:1299

CWE    1
CWE-310
OVAL    39
oval:org.secpod.oval:def:1601354
oval:org.secpod.oval:def:700881
oval:org.secpod.oval:def:1300080
oval:org.secpod.oval:def:1507098
...

© SecPod Technologies