CVE-2006-0591
 
0 Exploited in Wild
- Decision
Descriptions
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-style MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
SSVC
- Decision: -
Timeline
- 2006-02-08 CVE Reserved
- 2006-02-08 CVE Published
- 2023-07-03 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
References (15)
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/18772 | 2018-10-19 | |
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc | 2018-10-19 | |
http://secunia.com/advisories/20232 | 2018-10-19 | |
http://secunia.com/advisories/20653 | 2018-10-19 | |
http://secunia.com/advisories/20782 | 2018-10-19 | |
http://www.redhat.com/support/errata/RHSA-2006-0526.html | 2018-10-19 | |
http://www.vupen.com/english/advisories/2006/0477 | 2018-10-19 | |
https://access.redhat.com/security/cve/CVE-2006-0591 | 2006-05-23 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1618012 | 2006-05-23 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Solar Designer | Crypt Blowfish | 0.4.7 | - | Affected |