Lucene search

K
cvelistRedhatCVELIST:CVE-2012-2143
HistoryJul 05, 2012 - 2:00 p.m.

CVE-2012-2143

2012-07-0514:00:00
redhat
www.cve.org

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.1%

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

References