sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm’s runtime is proportional to the square of the length of the password.
CPE | Name | Operator | Version |
---|---|---|---|
sha256crypt | le | 0.6 | |
sha512crypt | le | 0.6 |