
Brute-force Attack

Description

PostgreSQL is vulnerable to brute-force attacks. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, which shortened the effective password length. This made brute-force guessing more efficient, because several different passwords hashed to the same value.
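The effect described above can be reproduced with a small model of the key packing step. This is an added example, not the pgcrypto source: it assumes password bytes are folded four at a time into a 32-bit word, and `pack_word`, `same_word` and the sample chunks are hypothetical names and constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Simplified model (assumption): the key setup folds password bytes into
 * 32-bit words, four bytes per word, most significant byte first. */
static uint32_t pack_word(const unsigned char *p, int sign_extend)
{
    uint32_t w = 0;
    for (size_t i = 0; i < 4; i++) {
        uint32_t b = p[i];
        /* Defect model: a byte read through a signed char is sign-extended,
         * so 0x80..0xFF becomes 0xFFFFFF80..0xFFFFFFFF before the OR. */
        if (sign_extend && (b & 0x80u))
            b |= 0xFFFFFF00u;
        w = (w << 8) | b;
    }
    return w;
}

/* Returns 1 when two 4-byte password chunks produce the same key word. */
static int same_word(const unsigned char *a, const unsigned char *b,
                     int sign_extend)
{
    return pack_word(a, sign_extend) == pack_word(b, sign_extend);
}

/* Constructed sample chunks: different ASCII prefixes, then byte 0xE9. */
static const unsigned char PW_A[4] = { 'a', 'b', 'c', 0xE9 };
static const unsigned char PW_B[4] = { 'x', 'y', 'z', 0xE9 };
/* High-bit byte in second position: only the one byte before it is lost. */
static const unsigned char PW_C[4] = { 'a', 0xE9, 'b', 'c' };

int main(void)
{
    printf("signed:   A=%08X B=%08X C=%08X\n", (unsigned)pack_word(PW_A, 1),
           (unsigned)pack_word(PW_B, 1), (unsigned)pack_word(PW_C, 1));
    printf("unsigned: A=%08X B=%08X C=%08X\n", (unsigned)pack_word(PW_A, 0),
           (unsigned)pack_word(PW_B, 0), (unsigned)pack_word(PW_C, 0));
    printf("A and B collide: signed=%d unsigned=%d\n",
           same_word(PW_A, PW_B, 1), same_word(PW_A, PW_B, 0));
    return 0;
}
```

With sign extension the set high bits overwrite every byte already shifted into the word, so the characters before the non-ASCII byte drop out; reading the bytes as unsigned keeps all four.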


Affected Software


Name Version
postgresql 8.1.9__1.el5
postgresql 8.4.5__1.el6_0.2
postgresql 7.4.19__1.el4_6.1
postgresql 7.4.30__1.el4_8.1
postgresql 7.4.26__1.el4_8.1
postgresql 8.4.7__1.el6_0.1
postgresql 8.1.8__1.el5
postgresql 8.1.21__1.el5_5.1
postgresql 8.4.7__2.el6
postgresql 7.4.30__1.el4_8.2
postgresql 8.1.18__2.el5_4.1
postgresql 8.4.4__2.el6
postgresql 8.1.22__1.el5_5.1
postgresql 8.1.11__1.el5_1.1
postgresql 7.4.29__1.el4_8.1
postgresql84 8.4.2__5.el5
postgresql84 8.4.4__1.el5_5.1
postgresql84 8.4.7__1.el5_6.1
postgresql84 8.4.5__1.el5_5.1
php 5.3.2__6.el6_0.1
php 5.3.2__6.el6
