openwall phpass fallback mode

Published
Credit
Risk
2015.05.11
Kash
Low
CWE
CVE
Local
Remote
N/A
N/A
No
Yes

http://www.openwall.com/phpass/

This library has an unfortunate consequence when using it in multiple
environments without strong consistent access to one crypto method.. it
will fall back to weaker methods, which breaks the expectations of
security.. Fallback have been assigned CVE here before. As well, it is
an openwall release.

I may be wrong and it could already be assigned one, but I don't see it.

--

Kash Pande

References:

http://www.openwall.com/phpass/
http://seclists.org/oss-sec/2015/q2/401


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com