CVSS: 10.0EPSS: 6%CPEs: 6EXPL: 0CVE-2011-2483 – crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
https://notcve.org/view.php?id=CVE-2011-2483
25 Aug 2011 — crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. crypt_blowfish en versiones anteriores a 1.1, como se utiliza en PHP en versiones anteriores a 5.3.7 en ciertas plataformas, PostgreSQL en versiones anteriores a 8.4.9 y otros productos, no maneja adecuadamente cara... • http://freshmeat.net/projects/crypt_blowfish • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0591
https://notcve.org/view.php?id=CVE-2006-0591
08 Feb 2006 — The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. Las funciones crypt_gensalt de huellas digitales ('hashes') de contraseñas basadas en DES extendidas con estilo BSDI y basadas en MD5 con estilo FreeBSD en crypt_blowfish 0.4.7 y anteriores no distri... • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc • CWE-310: Cryptographic Issues •