CVE-2012-2143

N/A Unknown
Published: July 05, 2012 Modified: April 29, 2026
View on NVD

Description

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34
Source: secalert@redhat.com
Broken Link Patch
http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9
Source: secalert@redhat.com
Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: secalert@redhat.com
Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1037.html
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/49304
Source: secalert@redhat.com
Broken Link Vendor Advisory
http://secunia.com/advisories/50718
Source: secalert@redhat.com
Broken Link Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc
Source: secalert@redhat.com
Vendor Advisory
http://support.apple.com/kb/HT5501
Source: secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2012/dsa-2491
Source: secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:092
Source: secalert@redhat.com
Broken Link
http://www.postgresql.org/docs/8.3/static/release-8-3-19.html
Source: secalert@redhat.com
Vendor Advisory
http://www.postgresql.org/docs/8.4/static/release-8-4-12.html
Source: secalert@redhat.com
Vendor Advisory
http://www.postgresql.org/docs/9.0/static/release-9-0-8.html
Source: secalert@redhat.com
Vendor Advisory
http://www.postgresql.org/docs/9.1/static/release-9-1-4.html
Source: secalert@redhat.com
Vendor Advisory
http://www.postgresql.org/support/security/
Source: secalert@redhat.com
Vendor Advisory
http://www.securitytracker.com/id?1026995
Source: secalert@redhat.com
Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=816956
Source: secalert@redhat.com
Issue Tracking Third Party Advisory
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch
http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1037.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/49304
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://secunia.com/advisories/50718
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT5501
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2012/dsa-2491
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:092
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.postgresql.org/docs/8.3/static/release-8-3-19.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.postgresql.org/docs/8.4/static/release-8-4-12.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.postgresql.org/docs/9.0/static/release-9-0-8.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.postgresql.org/docs/9.1/static/release-9-1-4.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.postgresql.org/support/security/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securitytracker.com/id?1026995
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=816956
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Third Party Advisory

50 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
5.7%
92th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-310

Affected Vendors

postgresql debian php freebsd

Related CVEs

CVE-2026-57346 7.1
CVE-2026-25707 8.8
CVE-2026-13601 7.1
CVE-2026-13557 4.3
CVE-2026-13556 4.3