FreeBSD Security Advisory (Crypt)

The FreeBSD Security Team has identified an issue in crypt and has issued the following security advisory: FreeBSD-SA-12:02.crypt (30/05/2012).

I. Background

The crypt(3) function performs password hashing with additional code added to deter key search attempts.

II. Problem Description

There is a programming error in the DES implementation used in crypt() when handling input which contains characters that cannot be represented with 7-bit ASCII.

III. Impact

When the input contains a character with only the most significant bit set (0x80), that character and all characters after it will be ignored.
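
The truncation described above, as an added illustration that is not FreeBSD's source code or part of the advisory. It assumes the traditional DES crypt key setup, where each password byte is shifted left by one bit into an 8-byte key, and assumes the end-of-string test was applied to the shifted byte; function names and sample passwords are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef void (*pack_fn)(const char *pw, uint8_t key[8]);

/* Flawed (assumed mechanism): end of string is detected on the shifted
 * byte. 0x80 << 1 truncates to 0x00 in 8 bits, so pw stops advancing. */
static void pack_key_flawed(const char *pw, uint8_t key[8]) {
    for (int i = 0; i < 8; i++) {
        key[i] = (uint8_t)((unsigned char)*pw << 1);
        if (key[i])
            pw++;
    }
}

/* Corrected: end of string is detected on the input byte itself. */
static void pack_key_fixed(const char *pw, uint8_t key[8]) {
    for (int i = 0; i < 8; i++) {
        key[i] = (uint8_t)((unsigned char)*pw << 1);
        if (*pw != '\0')
            pw++;
    }
}

/* Returns 1 when two passwords produce the same DES key under `pack`. */
static int same_key(pack_fn pack, const char *a, const char *b) {
    uint8_t ka[8], kb[8];
    pack(a, ka);
    pack(b, kb);
    return memcmp(ka, kb, sizeof ka) == 0;
}

int main(void) {
    /* Constructed samples; "\xC3\x80" is the UTF-8 encoding of U+00C0. */
    const char *full = "pa\x80" "ssword", *prefix = "pa";
    const char *utf8 = "\xC3\x80" "secret", *lead = "\xC3";
    printf("flawed: %d %d\n", same_key(pack_key_flawed, full, prefix),
           same_key(pack_key_flawed, utf8, lead));
    printf("fixed:  %d %d\n", same_key(pack_key_fixed, full, prefix),
           same_key(pack_key_fixed, utf8, lead));
    return 0;
}
```

Under the flawed packing the full password and its prefix before the 0x80 byte yield the same key, so hashes created from such passwords need to be regenerated after the fix is applied.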

For a workaround and solution, check out the security advisory: FreeBSD-SA-12:02.crypt
