Lucene search

K
prion
PRIOn knowledge basePRION:CVE-2011-3189
HistoryAug 25, 2011 - 2:22 p.m.

Authentication flaw

2011-08-2514:22:00
PRIOn knowledge base
www.prio-n.com
2

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

85.8%

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.

CPENameOperatorVersion
phpeq5.3.7
How to protect your server from attacks?

7.2 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

85.8%

Related for PRION:CVE-2011-3189