CVE - CVE-2012-2143

CVE-ID
CVE-2012-2143	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34 CONFIRM:http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9 CONFIRM:http://www.postgresql.org/docs/8.3/static/release-8-3-19.html CONFIRM:http://www.postgresql.org/docs/8.4/static/release-8-4-12.html CONFIRM:http://www.postgresql.org/docs/9.0/static/release-9-0-8.html CONFIRM:http://www.postgresql.org/docs/9.1/static/release-9-1-4.html CONFIRM:http://www.postgresql.org/support/security/ CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=816956 CONFIRM:http://support.apple.com/kb/HT5501 CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 APPLE:APPLE-SA-2012-09-19-2 URL:http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html DEBIAN:DSA-2491 URL:http://www.debian.org/security/2012/dsa-2491 FEDORA:FEDORA-2012-8893 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html FEDORA:FEDORA-2012-8915 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html FEDORA:FEDORA-2012-8924 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html FREEBSD:FreeBSD-SA-12:02 URL:http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc MANDRIVA:MDVSA-2012:092 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2012:092 REDHAT:RHSA-2012:1037 URL:http://rhn.redhat.com/errata/RHSA-2012-1037.html SUSE:SUSE-SU-2012:0840 URL:http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html SUSE:openSUSE-SU-2012:1299 URL:http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html SUSE:openSUSE-SU-2012:1251 URL:http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html SUSE:openSUSE-SU-2012:1288 URL:http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html SECTRACK:1026995 URL:http://www.securitytracker.com/id?1026995 SECUNIA:49304 URL:http://secunia.com/advisories/49304 SECUNIA:50718 URL:http://secunia.com/advisories/50718
Assigning CNA
N/A
Date Entry Created
20120404	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120404)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.