|
|
CVE Reference: CVE-2006-0591 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0591 |
|
|
Description: The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24590 SGI SAID Secunia Advisory: SA18772 Secunia Advisory: SA20232 Secunia Advisory: SA20782 Secunia Advisory: SA20653 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0526.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11502 OSVDB 23005 MISC http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_blowfish/crypt_gensalt.c?only_with_tag=CRYPT_BLOWFISH_1_0 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/424260/100/0/threaded |
|
| Return to the previous page. |
