Lucene search

K
cveRedhatCVE-2011-3189
HistoryAug 25, 2011 - 2:22 p.m.

CVE-2011-3189

2011-08-2514:22:48
CWE-310
redhat
web.nvd.nist.gov
55
cve-2011-3189
php 5.3.7
crypt function
authentication bypass
md5 hash
remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.014

Percentile

86.2%

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.

Affected configurations

Nvd
Node
phpphpMatch5.3.7
VendorProductVersionCPE
phpphp5.3.7cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.014

Percentile

86.2%