Brute-force Attack

2020-04-1001:02:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

postgresql is vulnerable to brute-force attacks. The vulnerability exists as a signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

CPENameOperatorVersion
postgresqleq8.1.9__1.el5
postgresqleq8.4.5__1.el6_0.2
postgresqleq7.4.19__1.el4_6.1
postgresqleq7.4.30__1.el4_8.1
postgresqleq7.4.26__1.el4_8.1
postgresqleq8.4.7__1.el6_0.1
postgresqleq8.1.8__1.el5
postgresqleq8.1.21__1.el5_5.1
postgresqleq8.4.7__2.el6
postgresqleq7.4.30__1.el4_8.2

Name	Operator	Version
postgresql	eq	8.1.9__1.el5
postgresql	eq	8.4.5__1.el6_0.2
postgresql	eq	7.4.19__1.el4_6.1
postgresql	eq	7.4.30__1.el4_8.1
postgresql	eq	7.4.26__1.el4_8.1
postgresql	eq	8.4.7__1.el6_0.1
postgresql	eq	8.1.8__1.el5
postgresql	eq	8.1.21__1.el5_5.1
postgresql	eq	8.4.7__2.el6
postgresql	eq	7.4.30__1.el4_8.2