9.9 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
70.5%
It was discovered that the blowfish algorithm in the pgcrypto module
incorrectly handled certain 8-bit characters, resulting in the password
hashes being easier to crack than expected. An attacker who could obtain
the password hashes would be able to recover the plaintext with less
effort.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | postgresql-8.3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libecpg-compat3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libecpg-dev | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libecpg6 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpgtypes3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpq-dev | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpq5 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | postgresql-client-8.3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | postgresql-contrib-8.3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |
Ubuntu | 8.04 | noarch | postgresql-plperl-8.3 | < 8.3.16-0ubuntu0.8.04 | UNKNOWN |