RSS   Podatności dla 'Crypt blowfish'   RSS

2011-08-25
 
CVE-2011-2483

 

 
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

 
2006-02-07
 
CVE-2006-0591

CWE-310
 

 
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.

 


Copyright 2024, cxsecurity.com

 

Back to Top