Solar Designer : Security Vulnerabilities, CVEs,
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Max CVSS
5.0
EPSS Score
0.33%
Published
2011-08-25
Updated
2023-10-25
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
Max CVSS
1.2
EPSS Score
0.06%
Published
2006-02-08
Updated
2018-10-19
2 vulnerabilities found