Lucene search
SuseSUSE-SA:2008:036HistoryJul 21, 2008 - 1:24 p.m.
use of weak password hash algorithm in libxcrypt
2008-07-2113:24:08
lists.opensuse.org
13
0.004 Low
EPSS
Percentile
73.6%
libxcrypt is used on openSUSE to calculate the hash value of passwords. It can be configured to use DES, MD5 or blowfish. Due to a bug in libxcrypt the DES algorithm was used if MD5 was configured in /etc/default/passwd. The default algorithm used on openSUSE is blowfish which worked as expected though.
Solution
There is no known workaround, please install the update packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 11.0 | i586 | libxcrypt | < 3.0-14.2 | libxcrypt-3.0-14.2.i586.rpm |
| openSUSE | 11.0 | i586 | libxcrypt-devel | < 3.0-14.2 | libxcrypt-devel-3.0-14.2.i586.rpm |
| openSUSE | 11.0 | x86_64 | libxcrypt-32bit | < 3.0-14.2 | libxcrypt-32bit-3.0-14.2.x86_64.rpm |
Related
nessus
nessus
openSUSE Security Update : libxcrypt (libxcrypt-109)
2009-07-21 00:00:00
openvas
openvas
SuSE Update for libxcrypt SUSE-SA:2008:036
2009-01-23 00:00:00
prion
prion
Design/Logic Flaw
2008-07-22 16:41:00
debiancve
debiancve
CVE-2008-3188
2008-07-22 16:41:00
ubuntucve
ubuntucve
CVE-2008-3188
2008-07-22 00:00:00
cvelist
cvelist
CVE-2008-3188
2008-07-22 16:00:00
seebug
seebug
openSUSE libxcrypt不安全口令哈希漏洞
2008-07-23 00:00:00
cve
cve
CVE-2008-3188
2008-07-22 16:41:00
nvd
nvd
CVE-2008-3188
2008-07-22 16:41:00