Description
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
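The truncation described above can be reproduced with a reduced model of the key-packing step alone. This is an added example, not code from this page or from FreeBSD, PHP or PostgreSQL: the function names are hypothetical, the sample passwords are constructed, and it assumes the defect is the key loop using the left-shifted byte as its end-of-string test (0x80 << 1 truncates to 0 in 8 bits).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pre-fix pattern: the shifted byte doubles as the end-of-string test. */
void pack_key_vulnerable(const char *pw, uint8_t *out)
{
    const uint8_t *key = (const uint8_t *)pw;
    uint8_t *q = out;
    while (q - out < 8) {
        /* 0x80 << 1 == 0x100, stored as 0x00: the pointer stops advancing */
        if ((*q++ = (uint8_t)(*key << 1)))
            key++;
    }
}

/* Corrected pattern: test the source byte, not the shifted result. */
void pack_key_fixed(const char *pw, uint8_t *out)
{
    const uint8_t *key = (const uint8_t *)pw;
    uint8_t *q = out;
    while (q - out < 8) {
        *q++ = (uint8_t)(*key << 1);
        if (*key != '\0')
            key++;
    }
}

/* Returns 1 when both passwords produce the same 8 DES key bytes. */
int keys_collide(void (*pack)(const char *, uint8_t *),
                 const char *a, const char *b)
{
    uint8_t ka[8], kb[8];
    pack(a, ka);
    pack(b, kb);
    return memcmp(ka, kb, sizeof ka) == 0;
}

int main(void)
{
    /* Constructed samples; the literal is split so "\x80" is not read
       together with following hex digits as one escape. */
    const char *full = "pw\x80" "tail";
    const char *prefix = "pw";
    printf("vulnerable: prefix collides = %d\n",
           keys_collide(pack_key_vulnerable, full, prefix));
    printf("fixed:      prefix collides = %d\n",
           keys_collide(pack_key_fixed, full, prefix));
    return 0;
}
```

A regression test for a patched build can use the same idea: hash a password containing 0x80 and confirm that its prefix up to that byte no longer verifies against the stored hash.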
Remediation
References