1.2 CVE-2006-0591

Patch
 

The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
https://nvd.nist.gov/vuln/detail/CVE-2006-0591

Categories

CWE-310

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:solar_designer:crypt_blowfish:0.4.7:*:*:*:*:*:*:*


REMEDIATION


Patch

Url
18772


EXPLOITS


Exploit-db.com

id description date
No known exploits

Other (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry


MITRE