Computer Security
[EN] securityvulns.ru no-pyccku


FreeBSD crypt() implementation vulnerability
Published:31.05.2012
Source:
SecurityVulns ID:12391
Type:library
Threat Level:
5/10
Description:8-bit characters are ignored during DES hash calculation.
Affected:FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 9.0
 FREEBSD : FreeBSD 8.3
CVE:CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-12:02.crypt (31.05.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod