openSUSE 'libxcrypt' Insecure Password Hash Weakness
BID:30301
Info
| Bugtraq ID: | 30301 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 21 2008 12:00AM |
| Updated: | Jul 05 2016 10:01PM |
| Credit: | Thomas Schulte |
| Vulnerable: | SuSE openSUSE 10.3; S.u.S.E. openSUSE 11.0; S.u.S.E. openSUSE 10.2 |
| Not Vulnerable: | |
Discussion
openSUSE is prone to an insecure password-hash weakness.
This issue stems from a design error when 'libxcrypt' is used to calculate password hashes. This weakness can result in the creation of weak passwords and can lead to a false sense of security.
Note that the default installation of openSUSE uses 'blowfish', which isn't affected by the hash issue.
Exploit / POC
An exploit is not required. An attacker may use various widely available tools to brute-force passwords.
Solution / Fix
Solution:
SUSE released fixes to address this issue. Please see the references for more information.