CVE-2006-0591

CVE-2006-0591 · LOW Severity

AV:L/AC:H/AU:N/C:P/I:N/A:N

The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.

Learn more about our Web Application Penetration Testing UK.