Vulnerability CVE-2011-2483: Information

Description

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

Severity: MEDIUM (5.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2011-2483
Published: Aug. 25, 2011
Modified: April 23, 2024
Error type identifier: CWE-310

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.openwall.com/crypt/
  • Mailing List
  • Patch
  • Third Party Advisory
http://www.php.net/archive/2011.php#id2011-08-18-1
  • Patch
  • Vendor Advisory
49241
  • Third Party Advisory
  • VDB Entry
http://www.php.net/ChangeLog-5.php#5.3.7
  • Third Party Advisory
http://php.net/security/crypt_blowfish
  • Third Party Advisory
http://freshmeat.net/projects/crypt_blowfish
  • Broken Link
RHSA-2011:1378
  • Broken Link
http://www.postgresql.org/docs/8.4/static/release-8-4-9.html
  • Patch
  • Vendor Advisory
RHSA-2011:1377
  • Broken Link
SUSE-SA:2011:035
  • Third Party Advisory
USN-1229-1
  • Third Party Advisory
RHSA-2011:1423
  • Broken Link
MDVSA-2011:165
  • Broken Link
MDVSA-2011:180
  • Broken Link
MDVSA-2011:179
  • Broken Link
MDVSA-2011:178
  • Broken Link
DSA-2340
  • Third Party Advisory
  • VDB Entry
http://support.apple.com/kb/HT5130
  • Third Party Advisory
APPLE-SA-2012-02-01-1
  • Mailing List
DSA-2399
  • Third Party Advisory
  • VDB Entry
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
  • Third Party Advisory
php-cryptblowfish-info-disclosure(69319)
  • Third Party Advisory
  • VDB Entry

    1. Configuration 1

      cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
      End excliding
      5.3.7

      Configuration 2

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including
      8.2.0
      End excliding
      8.2.22
      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including
      8.3.0
      End excliding
      8.3.16
      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including
      8.4.0
      End excliding
      8.4.9
      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including
      9.0.0
      End excliding
      9.0.5

      Configuration 3

      cpe:2.3:a:openwall:crypt_blowfish:*:*:*:*:*:*:*:*
      End excliding
      1.1
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.0
Back to top