MidnightBSD

Advisories for solar_designer

CVE-2006-0591 LOW

The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
solar_designer crypt_blowfish 0.4.7
CVE-2011-2483 MEDIUM

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
solar_designer crypt_blowfish *
php php 3.0.6
php php 2.0b10
php php 4.3.2
php php 5.1.0
php php 5.2.11
solar_designer crypt_blowfish 0.4
php php 3.0.17
php php 4.3.6
solar_designer crypt_blowfish 0.4.4
php php 2.0
php php 3.0.5
php php 4.1.0
php php 5.1.1
php php 3.0.18
php php 4.3.4
php php 4.4.0
php php 5.2.14
php php 4.1.2
php php 4.0
php php 3.0.4
php php 5.2.13
php php 3.0.1
php php 5.1.5
php php 5.3.0
php php 5.0.0
php php 5.2.8
php php 3.0.2
php php 5.2.1
php php 5.2.12
php php 5.2.3
php php 4.0.3
solar_designer crypt_blowfish 0.4.3
php php 5.2.6
php php 5.2.10
php php 3.0.13
php php 4.1.1
php php 4.2.3
php php 5.1.4
php php 5.2.9
php php 4.4.2
php php 4.2.2
php php 3.0.9
php php 5.0.4
php php 5.3.2
php php 3.0.15
solar_designer crypt_blowfish 0.4.1
php php 5.2.5
php php 4.0.7
php php 5.3.3
php php 5.0.2
php php 5.2.0
php php 4.4.9
php php 4.0.6
php php 4.0.1
php php 4.4.3
php php 4.3.8
solar_designer crypt_blowfish 0.3
php php 4.3.9
php php 3.0.12
php php 5.1.2
php php 4.2.1
php php 5.1.6
php php 4.0.0
php php 5.0.5
php php 4.4.8
php php 4.2.0
php php 5.0.1
php php 4.3.11
php php 3.0.8
php php 3.0.14
php php 3.0
php php 5.2.4
solar_designer crypt_blowfish 0.4.2
php php 4.3.0
php php 5.3.4
php php 4.4.4
php php 4.0.2
php php 4.4.5
solar_designer crypt_blowfish 0.4.5
php php 3.0.10
php php 1.0
php php 4.4.1
php php 4.4.7
php php 3.0.7
php php 4.3.10
php php *
php php 4.3.3
php php 5.1.3
php php 4.0.5
php php 5.3.5
php php 3.0.16
php php 5.3.1
php php 3.0.11
php php 4.3.7
php php 3.0.3
php php 4.3.1
php php 4.3.5
php php 5.0.3
php php 5.2.2
postgresql postgresql *
php php 4.0.4
php php 4.4.6
solar_designer crypt_blowfish 0.2
solar_designer crypt_blowfish 0.4.6