Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Cryptographic Issues Vulnerability (CVE-2011-3189)

Description

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.

Remediation

References

Related Vulnerabilities

WordPress Plugin Better Messages-Live Chat for WordPress, BuddyPress, BuddyBoss, Ultimate Member Multiple Vulnerabilities (1.9.9.37)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-20035)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2091)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-1402)

WordPress Plugin Sticky Menu, Sticky Header (or anything!) on Scroll Cross-Site Request Forgery (2.2)

Severity

Medium

Classification

CVE-2011-3189

Tags

Missing Update Known Vulnerabilities