5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.9 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.0%
It was discovered that the blowfish algorithm in the pgcrypto module
incorrectly handled certain 8-bit characters, resulting in the password
hashes being easier to crack than expected. An attacker who could obtain
the password hashes would be able to recover the plaintext with less
effort.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | postgresql-8.3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libecpg-compat3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libecpg-dev | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libecpg6 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpgtypes3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpq-dev | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpq5 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | postgresql-client-8.3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | postgresql-contrib-8.3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | postgresql-plperl-8.3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |