Description
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
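The truncation can be reproduced with a small model of the key-preparation step, in which each password byte is shifted left one bit before DES key setup. This is an added example, not FreeBSD's source or code from this page; the function names are hypothetical and the sample password is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Model of the DES-crypt key preparation step: each password byte is shifted
 * left one bit into an 8-byte key buffer, zero-padded once the string ends.
 * Sketch for illustration; function names are hypothetical. */

/* Buggy form: end-of-string is tested on the SHIFTED byte. 0x80 << 1 is 0x100,
 * which truncates to 0x00, so 0x80 is mistaken for the terminator. */
void des_key_buggy(const char *pw, unsigned char out[8])
{
    const unsigned char *p = (const unsigned char *)pw;
    for (int i = 0; i < 8; i++) {
        out[i] = (unsigned char)(*p << 1);
        if (out[i] != 0)
            p++;            /* never advances past a 0x80 byte */
    }
}

/* Fixed form: end-of-string is tested on the ORIGINAL byte. */
void des_key_fixed(const char *pw, unsigned char out[8])
{
    const unsigned char *p = (const unsigned char *)pw;
    for (int i = 0; i < 8; i++) {
        out[i] = (unsigned char)(*p << 1);
        if (*p != 0)
            p++;
    }
}

/* 1 if both passwords yield the same 8-byte key buffer under `prep`. */
int same_key(void (*prep)(const char *, unsigned char *),
             const char *a, const char *b)
{
    unsigned char ka[8], kb[8];
    prep(a, ka);
    prep(b, kb);
    return memcmp(ka, kb, sizeof ka) == 0;
}

int main(void)
{
    /* Constructed sample: "pÀssword" in UTF-8 is 70 C3 80 73 ... */
    const char *full = "p\xC3\x80ssword", *prefix = "p\xC3";
    printf("buggy: prefix collides = %d\n", same_key(des_key_buggy, full, prefix));
    printf("fixed: prefix collides = %d\n", same_key(des_key_fixed, full, prefix));
    return 0;
}
```

Because the two forms produce different key buffers for a password containing 0x80, a hash stored by the buggy form will not verify under the fixed form, so such passwords have to be reset after patching.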
Remediation
References