CVE-2012-3287 — MEDIUM (5.0)

Vulnerability Description

Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Poul-Henning Kamp	Md5Crypt	-

Related Weaknesses (CWE)

CWE-310

References

http://phk.freebsd.dk/sagas/md5crypt_eol.htmlVendor Advisory
https://phk.freebsd.dk/sagas/md5crypt_eol/
http://phk.freebsd.dk/sagas/md5crypt_eol.htmlVendor Advisory
https://phk.freebsd.dk/sagas/md5crypt_eol/

FAQ

What is CVE-2012-3287?

CVE-2012-3287 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-f...

How severe is CVE-2012-3287?

CVE-2012-3287 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-3287?

Check the references section above for vendor advisories and patch information. Affected products include: Poul-Henning Kamp Md5Crypt.