First published: Fri Apr 27 2012
A security flaw was found in the way the DES and extended DES based crypt() password encryption function encrypted certain keys when the key was provided in the Unicode encoding: certain keys were truncated before being DES digested. When the ciphertext of such a shortened key was used as the pattern for a password-protected resource, to be matched against the subsequently encrypted value of the password field retrieved from the user authentication dialog, it could lead to authentication bypass.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/postgresql | <9.1.4 | 9.1.4 |
redhat/postgresql | <9.0.8 | 9.0.8 |
redhat/postgresql | <8.4.12 | 8.4.12 |
redhat/postgresql | <8.3.19 | 8.3.19 |
PostgreSQL PostgreSQL | =8.3 | |
PostgreSQL PostgreSQL | =8.4 | |
PostgreSQL PostgreSQL | =9.0 | |
PostgreSQL PostgreSQL | =9.1 | |
FreeBSD FreeBSD | <=9.0 | |
FreeBSD FreeBSD | =1.0 | |
FreeBSD FreeBSD | =1.1 | |
FreeBSD FreeBSD | =1.1.5 | |
FreeBSD FreeBSD | =1.1.5.1 | |
FreeBSD FreeBSD | =2.0 | |
FreeBSD FreeBSD | =2.0.5 | |
FreeBSD FreeBSD | =2.1 | |
FreeBSD FreeBSD | =2.1.5 | |
FreeBSD FreeBSD | =2.1.6 | |
FreeBSD FreeBSD | =2.1.7 | |
FreeBSD FreeBSD | =2.2 | |
FreeBSD FreeBSD | =2.2.1 | |
FreeBSD FreeBSD | =2.2.2 | |
FreeBSD FreeBSD | =2.2.5 | |
FreeBSD FreeBSD | =2.2.6 | |
FreeBSD FreeBSD | =2.2.7 | |
FreeBSD FreeBSD | =2.2.8 | |
FreeBSD FreeBSD | =3.0 | |
FreeBSD FreeBSD | =3.1 | |
FreeBSD FreeBSD | =3.2 | |
FreeBSD FreeBSD | =3.3 | |
FreeBSD FreeBSD | =3.4 | |
FreeBSD FreeBSD | =3.5 | |
FreeBSD FreeBSD | =4.0 | |
FreeBSD FreeBSD | =4.1 | |
FreeBSD FreeBSD | =4.1.1 | |
FreeBSD FreeBSD | =4.2 | |
FreeBSD FreeBSD | =4.3 | |
FreeBSD FreeBSD | =4.4 | |
FreeBSD FreeBSD | =4.5 | |
FreeBSD FreeBSD | =4.6 | |
FreeBSD FreeBSD | =4.6.2 | |
FreeBSD FreeBSD | =4.7 | |
FreeBSD FreeBSD | =4.8 | |
FreeBSD FreeBSD | =4.9 | |
FreeBSD FreeBSD | =4.10 | |
FreeBSD FreeBSD | =4.11 | |
FreeBSD FreeBSD | =5.0 | |
FreeBSD FreeBSD | =5.1 | |
FreeBSD FreeBSD | =5.2 | |
FreeBSD FreeBSD | =5.2.1 | |
FreeBSD FreeBSD | =5.3 | |
FreeBSD FreeBSD | =5.4 | |
FreeBSD FreeBSD | =5.5 | |
FreeBSD FreeBSD | =6.0 | |
FreeBSD FreeBSD | =6.1 | |
FreeBSD FreeBSD | =6.2 | |
FreeBSD FreeBSD | =6.3 | |
FreeBSD FreeBSD | =6.4 | |
FreeBSD FreeBSD | =7.0 | |
FreeBSD FreeBSD | =7.1 | |
FreeBSD FreeBSD | =7.2 | |
FreeBSD FreeBSD | =7.3 | |
FreeBSD FreeBSD | =7.4 | |
FreeBSD FreeBSD | =8.0 | |
FreeBSD FreeBSD | =8.1 | |
FreeBSD FreeBSD | =8.2 | |
FreeBSD FreeBSD | =8.3 | |
PHP PHP | <5.3.14 | |
PHP PHP | >=5.4.0<5.4.4 | |
Debian Debian Linux | =6.0 | |
PostgreSQL PostgreSQL | >=8.3<8.3.19 | |
PostgreSQL PostgreSQL | >=8.4<8.4.12 | |
PostgreSQL PostgreSQL | >=9.0<9.0.8 | |
PostgreSQL PostgreSQL | >=9.1<9.1.4 | |