crypt_blowfish prior to 1.1, as used in PHP prior to 5.3.7 on certain platforms, PostgreSQL prior to 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent malicious users to determine a cleartext password by leveraging knowledge of a password hash.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
postgresql postgresql |
||
openwall crypt blowfish |