CVE-2011-3189 Information

Description

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.
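Because the salt was returned in place of the hash, any password record written by an affected build holds only the salt, and a comparison against it succeeds for every password. The following audit is an added example, not code from the advisory or from PHP; the function names and sample rows are hypothetical, and it assumes the standard MD5-crypt layout (`$1$`, a salt of up to 8 characters, `$`, a 22-character digest) and that an affected record holds the salt with or without its trailing `$`.

```python
import hmac
import re

# MD5-crypt alphabet and the two shapes we care about.
B64 = r"[./0-9A-Za-z]"
FULL_MD5_CRYPT = re.compile(rf"\$1\${B64}{{0,8}}\${B64}{{22}}")
SALT_ONLY = re.compile(rf"\$1\${B64}{{0,8}}\$?")  # assumption: trailing '$' optional


def classify(stored: str) -> str:
    """Classify one stored password field by its shape alone."""
    if not stored.startswith("$1$"):
        return "not-md5-crypt"
    if FULL_MD5_CRYPT.fullmatch(stored):
        return "ok"
    if SALT_ONLY.fullmatch(stored):
        return "salt-only"   # digest missing: the record carries no password
    return "malformed"


def audit(rows):
    """Return the users whose stored value is a bare salt and must be reset."""
    return [user for user, stored in rows if classify(stored) == "salt-only"]


def safe_match(computed: str, stored: str) -> bool:
    """Login comparison that refuses any record lacking a full digest,
    even if the value computed by crypt() equals it byte for byte."""
    if classify(stored) != "ok":
        return False
    return hmac.compare_digest(computed, stored)


# Constructed sample rows; the digests are placeholders, not real hashes.
SAMPLE_ROWS = [
    ("alice", "$1$abcdefgh$" + "x" * 22),   # well-formed MD5-crypt
    ("bob",   "$1$abcdefgh$"),              # salt only, trailing '$'
    ("carol", "$1$abcdefgh"),               # salt only, no trailing '$'
    ("dave",  "$2y$10$" + "a" * 53),        # different scheme, out of scope
]

if __name__ == "__main__":
    for user in audit(SAMPLE_ROWS):
        print(f"{user}: salt-only record, force a password reset")
```

Records flagged as salt-only cannot be repaired in place, since the password was never hashed; the accounts need a reset after upgrading.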

Reference

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://osvdb.org/74726
http://secunia.com/advisories/45678
http://support.apple.com/kb/HT5130
http://www.openwall.com/lists/oss-security/2011/08/23/4
http://www.php.net/archive/2011.phpid2011-08-23-1
http://www.php.net/ChangeLog-5.php5.3.8
https://bugs.gentoo.org/show_bug.cgi?id=380261
https://bugs.php.net/bug.php?id=55439
https://exchange.xforce.ibmcloud.com/vulnerabilities/69429