The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-style MD5-based password hashes in crypt_blowfish 0.4.7 and previous versions do not distribute salts evenly and randomly. The resulting increase in salt collisions makes it easier for malicious users to guess passwords from a stolen password file.
Vulnerable Product |
---|
solar designer crypt blowfish 0.4.7 |