Description

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

Remediation

References

CVE-2011-2483

Related Vulnerabilities

WordPress Plugin All-in-One Event Calendar Cross-Site Scripting (2.5.18)

WordPress Plugin Calendar Cross-Site Scripting (1.3.7)

WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.15)

PHP Out-of-bounds Write Vulnerability (CVE-2008-2371)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29251)

Severity

Medium

Classification

CVE-2011-2483

Tags

Missing Update Known Vulnerabilities