The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
References
Configurations
History
No history.
Information
Published : 2006-02-08 01:02
Updated : 2024-02-28 10:42
NVD link : CVE-2006-0591
Mitre link : CVE-2006-0591
CVE.ORG link : CVE-2006-0591
JSON object : View
Products Affected
solar_designer
- crypt_blowfish
CWE
CWE-310
Cryptographic Issues