Description
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
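The behaviour described above, as an added example that is not FreeBSD's, PHP's or PostgreSQL's source: a simplified C model of DES-crypt key packing, with the flawed end-of-string test beside a corrected one. It assumes each of the first 8 password bytes is shifted left one bit into the key and that the flawed loop tests the shifted byte for the terminator; function names and sample passwords are constructed.

```c
#include <stdio.h>
#include <string.h>

#define KEYLEN 8 /* traditional DES crypt uses the first 8 password bytes */

/* Model of the defect (assumption): end-of-string is tested on the shifted
 * byte, so 0x80 (0x80 << 1 truncates to 0x00) is taken for the terminator. */
static void pack_key_flawed(const char *pw, unsigned char out[KEYLEN])
{
    const unsigned char *key = (const unsigned char *)pw;
    for (int i = 0; i < KEYLEN; i++) {
        out[i] = (unsigned char)(*key << 1);
        if (out[i] != 0)
            key++;
    }
}

/* Corrected form: the terminator test looks at the original byte. */
static void pack_key_fixed(const char *pw, unsigned char out[KEYLEN])
{
    const unsigned char *key = (const unsigned char *)pw;
    for (int i = 0; i < KEYLEN; i++) {
        out[i] = (unsigned char)(*key << 1);
        if (*key != 0)
            key++;
    }
}

/* 1 if both passwords produce identical key material under `pack`. */
static int same_key(void (*pack)(const char *, unsigned char *),
                    const char *a, const char *b)
{
    unsigned char ka[KEYLEN], kb[KEYLEN];
    pack(a, ka);
    pack(b, kb);
    return memcmp(ka, kb, KEYLEN) == 0;
}

/* 1 if a hash of `pw` made by the flawed routine would not match one made
 * by the corrected routine, i.e. the stored hash needs to be regenerated. */
static int affected(const char *pw)
{
    unsigned char a[KEYLEN], b[KEYLEN];
    pack_key_flawed(pw, a);
    pack_key_fixed(pw, b);
    return memcmp(a, b, KEYLEN) != 0;
}

int main(void)
{
    const char *pw = "pa\x80" "sswd"; /* constructed sample password */
    printf("flawed: full == prefix? %d\n", same_key(pack_key_flawed, pw, "pa"));
    printf("fixed:  full == prefix? %d\n", same_key(pack_key_fixed, pw, "pa"));
    printf("needs rehash after upgrade? %d\n", affected(pw));
    return 0;
}
```

Hashes stored for passwords that `affected()` flags were computed over a truncated key, so they stop matching once the routine is corrected and have to be regenerated at the next successful login or password reset.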