Information disclosure vulnerability in crypt_blowfish function in PHPID: oval:org.secpod.oval:def:2231 | Date: (C)2011-09-09 (M)2024-04-29 |
Class: VULNERABILITY | Family: windows |
The host is installed with PHP before 5.3.7 and is prone to information disclosure vulnerability. A flaw is present crypt_blowfish function in the application, which fails in proper handling of passwords with 8-bit characters. Successful exploitation allows attackers to obtain the MD5 password hash and other sensitive information.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows 8 |