crypt_blowfish: crackable password hashing [LWN.net]

Package(s):

crypt_blowfish

CVE #(s):

CVE-2011-2483

Created:

August 19, 2011

Updated:

December 19, 2011

Description:

From the openSUSE advisory:

The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute force methods.

Alerts:

Mandriva	MDVSA-2011:180	2011-11-28
Mandriva	MDVSA-2011:179	2011-11-25
Mandriva	MDVSA-2011:178	2011-11-25
CentOS	CESA-2011:1377	2011-11-09
Debian	DSA-2340-1	2011-11-07
Oracle	ELSA-2011-1423	2011-11-03
Oracle	ELSA-2011-1423	2011-11-03
Scientific Linux	SL-NotF-20111102	2011-11-02
Mandriva	MDVSA-2011:165	2011-11-03
CentOS	CESA-2011:1423	2011-11-03
Red Hat	RHSA-2011:1423-01	2011-11-02
Mandriva	MDVSA-2011:161	2011-10-24
Gentoo	201110-22	2011-10-25
Scientific Linux	SL-post-20111017	2011-10-17
Scientific Linux	SL-post-20111017	2011-10-17
CentOS	CESA-2011:1378	2011-10-18
CentOS	CESA-2011:1377	2011-10-18
Ubuntu	USN-1231-1	2011-10-18
Red Hat	RHSA-2011:1378-01	2011-10-17
Red Hat	RHSA-2011:1377-01	2011-10-17
openSUSE	openSUSE-SU-2011:1138-1	2011-10-17
openSUSE	openSUSE-SU-2011:1137-1	2011-10-17
Ubuntu	USN-1229-1	2011-10-13
Gentoo	201110-06	2011-10-10
Fedora	FEDORA-2011-11537	2011-08-26
Fedora	FEDORA-2011-11528	2011-08-26
Fedora	FEDORA-2011-11537	2011-08-26
Fedora	FEDORA-2011-11528	2011-08-26
Fedora	FEDORA-2011-11537	2011-08-26
Fedora	FEDORA-2011-11528	2011-08-26
openSUSE	openSUSE-SU-2011:0972-1	2011-08-30
openSUSE	openSUSE-SU-2011:0970-1	2011-08-30
openSUSE	openSUSE-SU-2011:0921-2	2011-08-26
Slackware	SSA:2011-237-01	2011-08-25
SUSE	SUSE-SA:2011:035	2011-08-23
openSUSE	openSUSE-SU-2011:0921-1	2011-08-19
Debian	DSA-2399-1	2012-01-31
openSUSE	openSUSE-SU-2012:0480-1	2012-04-11
Mandriva	MDVSA-2012:071	2012-05-10
Oracle	ELSA-2012-0677	2012-05-22
Oracle	ELSA-2012-1046	2012-06-30

(Log in to post comments)