CVE-2011-3189 - The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argum

CVE-2011-3189

Summary

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.

References

Vulnerable Configurations

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 29-08-2017 - 01:30)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

apple	APPLE-SA-2012-02-01-1
confirm	http://support.apple.com/kb/HT5130 http://www.php.net/ChangeLog-5.php#5.3.8 http://www.php.net/archive/2011.php#id2011-08-23-1 https://bugs.gentoo.org/show_bug.cgi?id=380261 https://bugs.php.net/bug.php?id=55439
mlist	[oss-security] 20110823 CVE assignment - PHP salt flaw CVE-2011-3189
osvdb	74726
secunia	45678
xf	php-crypt-security-bypass(69429)

Last major update

29-08-2017 - 01:30

Published

25-08-2011 - 14:22

Last modified

29-08-2017 - 01:30