Lucene search

K
nvd[email protected]NVD:CVE-2012-2143
HistoryJul 05, 2012 - 2:55 p.m.

CVE-2012-2143

2012-07-0514:55:02
CWE-310
web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

59.2%

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Affected configurations

NVD
Node
postgresqlpostgresqlRange8.38.3.19
OR
postgresqlpostgresqlRange8.48.4.12
OR
postgresqlpostgresqlRange9.09.0.8
OR
postgresqlpostgresqlRange9.19.1.4
Node
freebsdfreebsdRange9.0
OR
freebsdfreebsdMatch1.0
OR
freebsdfreebsdMatch1.1
OR
freebsdfreebsdMatch1.1.5
OR
freebsdfreebsdMatch1.1.5.1
OR
freebsdfreebsdMatch2.0
OR
freebsdfreebsdMatch2.0.5
OR
freebsdfreebsdMatch2.1
OR
freebsdfreebsdMatch2.1.5
OR
freebsdfreebsdMatch2.1.6
OR
freebsdfreebsdMatch2.1.7
OR
freebsdfreebsdMatch2.2
OR
freebsdfreebsdMatch2.2.1
OR
freebsdfreebsdMatch2.2.2
OR
freebsdfreebsdMatch2.2.5
OR
freebsdfreebsdMatch2.2.6
OR
freebsdfreebsdMatch2.2.7
OR
freebsdfreebsdMatch2.2.8
OR
freebsdfreebsdMatch3.0
OR
freebsdfreebsdMatch3.1
OR
freebsdfreebsdMatch3.2
OR
freebsdfreebsdMatch3.3
OR
freebsdfreebsdMatch3.4
OR
freebsdfreebsdMatch3.5
OR
freebsdfreebsdMatch4.0
OR
freebsdfreebsdMatch4.1
OR
freebsdfreebsdMatch4.1.1
OR
freebsdfreebsdMatch4.2
OR
freebsdfreebsdMatch4.3
OR
freebsdfreebsdMatch4.4
OR
freebsdfreebsdMatch4.5
OR
freebsdfreebsdMatch4.6
OR
freebsdfreebsdMatch4.6.2
OR
freebsdfreebsdMatch4.7
OR
freebsdfreebsdMatch4.8
OR
freebsdfreebsdMatch4.9
OR
freebsdfreebsdMatch4.10
OR
freebsdfreebsdMatch4.11
OR
freebsdfreebsdMatch5.0
OR
freebsdfreebsdMatch5.1
OR
freebsdfreebsdMatch5.2
OR
freebsdfreebsdMatch5.2.1
OR
freebsdfreebsdMatch5.3
OR
freebsdfreebsdMatch5.4
OR
freebsdfreebsdMatch5.5
OR
freebsdfreebsdMatch6.0
OR
freebsdfreebsdMatch6.1
OR
freebsdfreebsdMatch6.2
OR
freebsdfreebsdMatch6.3
OR
freebsdfreebsdMatch6.4
OR
freebsdfreebsdMatch7.0
OR
freebsdfreebsdMatch7.1
OR
freebsdfreebsdMatch7.2
OR
freebsdfreebsdMatch7.3
OR
freebsdfreebsdMatch7.4
OR
freebsdfreebsdMatch8.0
OR
freebsdfreebsdMatch8.1
OR
freebsdfreebsdMatch8.2
OR
freebsdfreebsdMatch8.3
Node
phpphpRange<5.3.14
OR
phpphpRange5.4.05.4.4
Node
debiandebian_linuxMatch6.0

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

59.2%