History: Aug 25, 2011 - 2:22 p.m.

CVE-2011-2483

2011-08-25 14:22:44
CWE-310
redhat
web.nvd.nist.gov
124
cve-2011-2483
crypt_blowfish
php
postgresql
password hash
security vulnerability

CVSS2: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score: 6.8
Confidence: High

EPSS: 0.003
Percentile: 70.9%

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

Affected configurations

Nvd

Node
  php php, Range: <5.3.7
Node
  postgresql postgresql, Range: 8.2.0 - 8.2.22
  OR
  postgresql postgresql, Range: 8.3.0 - 8.3.16
  OR
  postgresql postgresql, Range: 8.4.0 - 8.4.9
  OR
  postgresql postgresql, Range: 9.0.0 - 9.0.5
Node
  openwall crypt_blowfish, Range: <1.1

Vendor      Product         Version  CPE
php         php             *        cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
postgresql  postgresql      *        cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
openwall    crypt_blowfish  *        cpe:2.3:a:openwall:crypt_blowfish:*:*:*:*:*:*:*:*
