CVE-2012-2143

crypt(): DES encrypted password weakness

  • Severity Score: 4.3 (CVSS v2)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network; Attack Complexity: Medium; Authentication: None; Confidentiality: None; Integrity: Partial; Availability: None
  • Attack Vector: Network; Attack Complexity: High; Authentication: None; Confidentiality: Partial; Integrity: Partial; Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2012-04-04 CVE Reserved
  • 2012-05-30 CVE Published
  • 2023-05-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
References (26)
URL Date SRC
http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9 2024-03-14
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html 2024-03-14
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html 2024-03-14
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html 2024-03-14
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html 2024-03-14
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html 2024-03-14
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html 2024-03-14
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html 2024-03-14
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html 2024-03-14
http://rhn.redhat.com/errata/RHSA-2012-1037.html 2024-03-14
http://secunia.com/advisories/49304 2024-03-14
http://secunia.com/advisories/50718 2024-03-14
http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc 2024-03-14
http://www.debian.org/security/2012/dsa-2491 2024-03-14
http://www.mandriva.com/security/advisories?name=MDVSA-2012:092 2024-03-14
http://www.postgresql.org/docs/8.3/static/release-8-3-19.html 2024-03-14
http://www.postgresql.org/docs/8.4/static/release-8-4-12.html 2024-03-14
http://www.postgresql.org/docs/9.0/static/release-9-0-8.html 2024-03-14
http://www.postgresql.org/docs/9.1/static/release-9-1-4.html 2024-03-14
http://www.postgresql.org/support/security 2024-03-14
https://bugzilla.redhat.com/show_bug.cgi?id=816956 2012-06-27
https://access.redhat.com/security/cve/CVE-2012-2143 2012-06-27
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Postgresql | Postgresql | >= 8.3 < 8.3.19 | - | Affected |
| Postgresql | Postgresql | >= 8.4 < 8.4.12 | - | Affected |
| Postgresql | Postgresql | >= 9.0 < 9.0.8 | - | Affected |
| Postgresql | Postgresql | >= 9.1 < 9.1.4 | - | Affected |
| Freebsd | Freebsd | <= 9.0 | - | Affected |
| Freebsd | Freebsd | 1.0, 1.1, 1.1.5, 1.1.5.1 | - | Affected |
| Freebsd | Freebsd | 2.0, 2.0.5, 2.1, 2.1.5, 2.1.6, 2.1.7, 2.2, 2.2.1, 2.2.2, 2.2.5, 2.2.6, 2.2.7, 2.2.8 | - | Affected |
| Freebsd | Freebsd | 3.0, 3.1, 3.2, 3.3, 3.4, 3.5 | - | Affected |
| Freebsd | Freebsd | 4.0, 4.1, 4.1.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.6.2, 4.7, 4.8, 4.9, 4.10, 4.11 | - | Affected |
| Freebsd | Freebsd | 5.0, 5.1, 5.2, 5.2.1, 5.3, 5.4, 5.5 | - | Affected |
| Freebsd | Freebsd | 6.0, 6.1, 6.2, 6.3, 6.4 | - | Affected |
| Freebsd | Freebsd | 7.0, 7.1, 7.2, 7.3, 7.4 | - | Affected |
| Freebsd | Freebsd | 8.0, 8.1, 8.2, 8.3 | - | Affected |
| Php | Php | < 5.3.14 | - | Affected |
| Php | Php | >= 5.4.0 < 5.4.4 | - | Affected |
| Debian | Debian Linux | 6.0 | - | Affected |