Vulnerability in PHP through 5.3.13, PostgreSQL 8.4 before 8.4.12, PostgreSQL 9.0 before 9.0.8, PostgreSQL 9.1 before 9.1.4 (CVE-2012-2143)

oval:org.cisecurity:def:8203

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 8
  • Microsoft Windows 10
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2016
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows XP
  • Microsoft Windows Server 2012
Class:
vulnerability
Reference(s):
  • CVE-2012-2143
Product(s):
  • PHP
  • PostgreSQL