CVE-2011-2483

Advisory lineage Upstream: 0 Downstream: 7

Downstream

DEBIAN-CVE-2011-2483 DSA-2340-1 DSA-2399-1 OPENSUSE-SU-2024:10138-1 RHSA-2011:1377 RHSA-2011:1378

Modified

Published: 25 Aug 2011, 14:00

Last modified:06 Aug 2024, 23:00

Vulnerability Summary

Overall Risk (default)

low

21/100

CVSS Score

5 MEDIUM

v2.0 (nvd)

EPSS Score

7.07% LOW

7% probability +0.57%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Aug 2011, 14:00

Published

Vulnerability first disclosed

06 Aug 2024, 23:00

Last Modified

Vulnerability information updated

Description

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

CVSS Metrics

v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 7.07%• Percentile: 92%

Techniques & Countermeasures

CWE-310•Cryptographic Issues
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Affected Systems

openwall•crypt_blowfish
< 1.1
Unknown•PHP
< 5.3.7
postgresql•postgresql
≥ 8.2.0, < 8.2.22 | ≥ 8.3.0, < 8.3.16 | ≥ 8.4.0, < 8.4.9 | ≥ 9.0.0, < 9.0.5