Description

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Remediation

References

CVE-2012-2143

Related Vulnerabilities

WordPress Plugin Tweet Wheel Spam (0.3)

Jboss EAP CVE-2022-2764 Vulnerability (CVE-2022-2764)

MySQL CVE-2018-2622 Vulnerability (CVE-2018-2622)

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)

WordPress Plugin WP Forum Server Cross-Site Scripting and SQL Injection Vulnerabilities (1.7.3)

Severity

Medium

Classification

CVE-2012-2143

Tags

Missing Update Known Vulnerabilities