CVE-2011-3189

Sažetak

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.

Reference

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://osvdb.org/74726
http://secunia.com/advisories/45678
http://support.apple.com/kb/HT5130
http://www.openwall.com/lists/oss-security/2011/08/23/4
http://www.php.net/archive/2011.php#id2011-08-23-1
http://www.php.net/ChangeLog-5.php#5.3.8
https://bugs.gentoo.org/show_bug.cgi?id=380261
https://bugs.php.net/bug.php?id=55439
https://exchange.xforce.ibmcloud.com/vulnerabilities/69429

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:30

Objavljeno

25-08-2011 - 14:22