Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-2143

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Published

2012-07-05T14:55:02.183

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-310
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application postgresql postgresql < 8.3.19 Yes
Application postgresql postgresql < 8.4.12 Yes
Application postgresql postgresql < 9.0.8 Yes
Application postgresql postgresql < 9.1.4 Yes
Operating System freebsd freebsd ≤ 9.0 Yes
Operating System freebsd freebsd 1.0 Yes
Operating System freebsd freebsd 1.1 Yes
Operating System freebsd freebsd 1.1.5 Yes
Operating System freebsd freebsd 1.1.5.1 Yes
Operating System freebsd freebsd 2.0 Yes
Operating System freebsd freebsd 2.0.5 Yes
Operating System freebsd freebsd 2.1 Yes
Operating System freebsd freebsd 2.1.5 Yes
Operating System freebsd freebsd 2.1.6 Yes
Operating System freebsd freebsd 2.1.7 Yes
Operating System freebsd freebsd 2.2 Yes
Operating System freebsd freebsd 2.2.1 Yes
Operating System freebsd freebsd 2.2.2 Yes
Operating System freebsd freebsd 2.2.5 Yes
Operating System freebsd freebsd 2.2.6 Yes
Operating System freebsd freebsd 2.2.7 Yes
Operating System freebsd freebsd 2.2.8 Yes
Operating System freebsd freebsd 3.0 Yes
Operating System freebsd freebsd 3.1 Yes
Operating System freebsd freebsd 3.2 Yes
Operating System freebsd freebsd 3.3 Yes
Operating System freebsd freebsd 3.4 Yes
Operating System freebsd freebsd 3.5 Yes
Operating System freebsd freebsd 4.0 Yes
Operating System freebsd freebsd 4.1 Yes
Operating System freebsd freebsd 4.1.1 Yes
Operating System freebsd freebsd 4.2 Yes
Operating System freebsd freebsd 4.3 Yes
Operating System freebsd freebsd 4.4 Yes
Operating System freebsd freebsd 4.5 Yes
Operating System freebsd freebsd 4.6 Yes
Operating System freebsd freebsd 4.6.2 Yes
Operating System freebsd freebsd 4.7 Yes
Operating System freebsd freebsd 4.8 Yes
Operating System freebsd freebsd 4.9 Yes
Operating System freebsd freebsd 4.10 Yes
Operating System freebsd freebsd 4.11 Yes
Operating System freebsd freebsd 5.0 Yes
Operating System freebsd freebsd 5.1 Yes
Operating System freebsd freebsd 5.2 Yes
Operating System freebsd freebsd 5.2.1 Yes
Operating System freebsd freebsd 5.3 Yes
Operating System freebsd freebsd 5.4 Yes
Operating System freebsd freebsd 5.5 Yes
Operating System freebsd freebsd 6.0 Yes
Operating System freebsd freebsd 6.1 Yes
Operating System freebsd freebsd 6.2 Yes
Operating System freebsd freebsd 6.3 Yes
Operating System freebsd freebsd 6.4 Yes
Operating System freebsd freebsd 7.0 Yes
Operating System freebsd freebsd 7.1 Yes
Operating System freebsd freebsd 7.2 Yes
Operating System freebsd freebsd 7.3 Yes
Operating System freebsd freebsd 7.4 Yes
Operating System freebsd freebsd 8.0 Yes
Operating System freebsd freebsd 8.1 Yes
Operating System freebsd freebsd 8.2 Yes
Operating System freebsd freebsd 8.3 Yes
Application php php < 5.3.14 Yes
Application php php < 5.4.4 Yes
Operating System debian debian_linux 6.0 Yes
References