openwall phpass fallback mode

2015.05.11
Credit: Kash
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

http://www.openwall.com/phpass/

This library has an unfortunate consequence when using it in multiple environments without strong consistent access to one crypto method: it will fall back to weaker methods, which breaks the expectations of security. Fallbacks have been assigned CVEs here before. As well, it is an openwall release. I may be wrong and it could already be assigned one, but I don't see it.

-- Kash Pande

References:

http://www.openwall.com/phpass/
http://seclists.org/oss-sec/2015/q2/401
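
One way to check whether a deployment has been affected by the fallback described above is to classify the stored hashes by scheme. This is an added example, not code from the original post or from phpass; it relies on the three output formats phpass emits (bcrypt, extended DES, and the portable MD5-based `$P$` format, also seen as `$H$` in phpBB3), and the names `classify`, `audit` and `SAMPLE` are hypothetical.

```python
import re
from collections import Counter

# crypt(3)-style base-64 alphabet phpass uses to encode counts and salts
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Order in which phpass prefers the schemes (strongest first); unknown ranks last
STRENGTH = {"bcrypt": 3, "ext-des": 2, "portable-md5": 1, "unknown": 0}

def classify(stored):
    """Return (scheme, work) for a stored hash.

    work is the cost (log2 rounds) for bcrypt and portable hashes,
    and the raw iteration count for extended DES.
    """
    m = re.fullmatch(r"\$2[abxy]\$(\d\d)\$[./A-Za-z0-9]{53}", stored)
    if m:
        return ("bcrypt", int(m.group(1)))
    if re.fullmatch(r"_[./0-9A-Za-z]{19}", stored):
        # 4 count characters after "_", 6 bits each, least significant first
        rounds = sum(ITOA64.index(c) << (6 * i) for i, c in enumerate(stored[1:5]))
        return ("ext-des", rounds)
    if re.fullmatch(r"\$[PH]\$[./0-9A-Za-z]{31}", stored):
        # the character after the "$P$" prefix encodes log2 of the round count
        return ("portable-md5", ITOA64.index(stored[3]))
    return ("unknown", None)

def audit(rows, expected="bcrypt"):
    """Return (count per scheme, [(user, scheme)] for hashes weaker than expected)."""
    counts = Counter()
    flagged = []
    for user, stored in rows:
        scheme, _ = classify(stored)
        counts[scheme] += 1
        if STRENGTH[scheme] < STRENGTH[expected]:
            flagged.append((user, scheme))
    return dict(counts), flagged

# Constructed sample rows: real prefixes and lengths, filler hash bodies
SAMPLE = [
    ("alice", "$2a$08$" + "A" * 53),
    ("bob", "_zzD." + "a" * 15),
    ("carol", "$P$B" + "b" * 30),
    ("dave", "0123456789abcdef" * 2),
]

if __name__ == "__main__":
    counts, flagged = audit(SAMPLE)
    print(counts)
    for user, scheme in flagged:
        print(f"{user}: stored with {scheme}, expected bcrypt")
```

Accounts flagged this way keep the weaker hash until the password is next set or rehashed on a host where the expected method is available.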

