CVE-2004-2136
The CVE-2004-2136 entry concerns dm-crypt in the Linux kernel (2.6.x) used on certain filesystems with block sizes of 1024 or greater. The underlying issue is an IV computation weakness in the encryption mode that can allow watermarked files to be detected without decrypting the data. The availab...
Linux Kernel 2.6.x - Cryptoloop Information Disclosure
source: https://www.securityfocus.com/bid/13775/info Both cryptoloop and dm-crypt are reported prone to an information disclosure vulnerability. Reports indicate that certain watermarked files may be detected on a filesystem that is encrypted using the affected loop device encryption schemes. It...
CVE-2004-0823
OpenLDAP vulnerabilities: CVE-2004-0823 affects OpenLDAP 1.0–2.1.19 (as used in macOS 10.3.x and potentially other OSes). The issue allows certain authentication schemes to treat hashed (crypt) passwords stored in the userPassword attribute as plaintext, enabling remote attackers to reuse hashed ...
CVE-2004-2136
dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption...
CVE-2003-0189
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is use...
CVE-2001-0967
Knox Arkeia server (notably version 4.2) uses a constant salt when hashing passwords via crypt(), enabling easier brute‑force guessing. The root cause is the non‑unique salt value in password encryption, which compromises password strength. The PT-2001-2119 advisory aligns with this, describing t...
PT-2001-2119 · Knox · Knox Arkeia Server
Name of the Vulnerable Software and Affected Versions: Knox Arkeia server version 4.2 Description: The issue is related to the use of a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing. Recommendations...
Weak encryption algorithm in Crypt-PW (weak encryption)
The encrypted password is easily decoded...
Network Solutions Crypt-PW Authentication-Scheme vulnerability
Problem: While crypt password authentication is not in and of itself very secure, Network Solutions have made it even less so by including the first two characters of the password as the salt of the encrypted form. While the password is transmitted via a secure session, the encrypted form is...
qnx crypt compromised
the crypt function for qnx turned out to be a bit mixer, not a hash function. It's now possible to extract plaintext from the hashes. On a related note, all IOpeners running qnx use the same root password. Telnetd is running, and allows remote login as root. This is a huge security hole, as you can...
crypt() compromised in QNX
Password encryption uses a reversible bit-rotation algorithm, which allows the original plaintext password to be recovered...
QSSL QNX 4.25 A - crypt() Local Privilege Escalation
QSSL QNX 4.25 A - crypt Local Privilege Escalation / source: https://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt3 function exists in QNX, from QNX System Software, Limited QSSL. The flaw allows the recovery of passwords from the hashes. On most Unix variants,...
QSSL QNX 4.25 A - 'crypt()' Local Privilege Escalation
/ source: https://www.securityfocus.com/bid/1114/info A design error in the operation of the crypt3 function exists in QNX, from QNX System Software, Limited QSSL. The flaw allows the recovery of passwords from the hashes. On most Unix variants, crypt3 is based on a variant of the DES encryption...
CVE-2000-0093
The CVE-2000-0093 entry concerns Red Hat installations that use DES-encrypted passwords via crypt() for the initial password instead of MD5. Affected component is the initial password handling in Red Hat setups; root cause is the use of DES crypt() rather than a stronger hash. Documents explicitl...
PT-2000-1082 · Red Hat · Red Hat
Name of the Vulnerable Software and Affected Versions: Red Hat affected versions not specified Description: The issue is related to the use of DES password encryption with crypt for the initial password in Red Hat installations, instead of using md5 encryption. Recommendations: At the moment, the...