Cryptographic Issues

CVE-2006-0591

Low

1.2/10

Summary

The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.

Access Complexity: HIGH
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-310 - Cryptographic Issues

Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.

References

Advisory Timeline

Published Feb 08, 2006

Cryptographic Issues

CVE-2006-0591

Summary

CWE-310 - Cryptographic Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS