CVE-2012-2143 in PHP
요약 (영어)
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
예약하다
2012. 04. 04.
공개
2012. 07. 05.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 5481 | PHP crypt_freesec.c 약한 암호화 | 310 | 개념 증명 | 공식 수정 | CVE-2012-2143 |
| 5477 | FreeBSD DES Implementation libcrypt 약한 암호화 | 310 | 개념 증명 | 공식 수정 | CVE-2012-2143 |