CVE-2012-2143
Description
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
Risk Information
Base Score: 10.0 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability: 2.995
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-1618,CVE-2012-2143 affect PostgreSQL 9.1 | Windows |
| Vulnerabilities CVE-2012-2655,CVE-2012-2143 are fixed in PostgreSQL 9.1.4 | Windows |
| Vulnerabilities CVE-2012-2655,CVE-2012-2143 are fixed in PostgreSQL 9.0.8 | Windows |
| Vulnerabilities CVE-2012-2655,CVE-2012-2143 are fixed in PostgreSQL 8.4.12 | Windows |
| Vulnerabilities CVE-2012-2655,CVE-2012-2143 are fixed in PostgreSQL 8.3.19 | Windows |
| Multiple vulnerabilities are fixed in OS X Lion Update 10.7.5 (Client) | Mac |
| Multiple vulnerabilities are fixed in OS X Lion Update 10.7.5 (Client Combo) | Mac |
| Apcu-panel update (ELSA-2023-2903) apcu-panel-5.1.18-1.module+el8.3.0+7685+72d70b58.noarch.rpm | Linux |
| Libzip update (ELSA-2023-2903) libzip-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Libzip-devel update (ELSA-2023-2903) libzip-devel-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Libzip-tools update (ELSA-2023-2903) libzip-tools-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php update (ELSA-2023-2903) php-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-bcmath update (ELSA-2023-2903) php-bcmath-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-cli update (ELSA-2023-2903) php-cli-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-common update (ELSA-2023-2903) php-common-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-dba update (ELSA-2023-2903) php-dba-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-dbg update (ELSA-2023-2903) php-dbg-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-devel update (ELSA-2023-2903) php-devel-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-embedded update (ELSA-2023-2903) php-embedded-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-enchant update (ELSA-2023-2903) php-enchant-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-ffi update (ELSA-2023-2903) php-ffi-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-fpm update (ELSA-2023-2903) php-fpm-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-gd update (ELSA-2023-2903) php-gd-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-gmp update (ELSA-2023-2903) php-gmp-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-intl update (ELSA-2023-2903) php-intl-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-json update (ELSA-2023-2903) php-json-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-ldap update (ELSA-2023-2903) php-ldap-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-mbstring update (ELSA-2023-2903) php-mbstring-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-mysqlnd update (ELSA-2023-2903) php-mysqlnd-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-odbc update (ELSA-2023-2903) php-odbc-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-opcache update (ELSA-2023-2903) php-opcache-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-pdo update (ELSA-2023-2903) php-pdo-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-pear update (ELSA-2023-2903) php-pear-1.10.13-1.module+el8.7.0+20800+8e29b882.noarch.rpm | Linux |
| Php-pecl-apcu update (ELSA-2023-2903) php-pecl-apcu-5.1.18-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php-pecl-apcu-devel update (ELSA-2023-2903) php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php-pecl-rrd update (ELSA-2023-2903) php-pecl-rrd-2.0.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php-pecl-xdebug update (ELSA-2023-2903) php-pecl-xdebug-2.9.5-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php-pecl-zip update (ELSA-2023-2903) php-pecl-zip-1.18.2-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux |
| Php-pgsql update (ELSA-2023-2903) php-pgsql-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-process update (ELSA-2023-2903) php-process-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-snmp update (ELSA-2023-2903) php-snmp-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-soap update (ELSA-2023-2903) php-soap-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-xml update (ELSA-2023-2903) php-xml-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Php-xmlrpc update (ELSA-2023-2903) php-xmlrpc-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux |
| Vulnerabilities CVE-2012-1618,CVE-2012-2143 affect PostgreSQL 9.1 (For Linux) | Linux |
| Vulnerabilities CVE-2012-2655,CVE-2012-2143 are fixed in PostgreSQL 9.1.4 (For Linux) | Linux |
| Vulnerabilities CVE-2012-2655,CVE-2012-2143 are fixed in PostgreSQL 9.0.8 (For Linux) | Linux |
| Vulnerabilities CVE-2012-2655,CVE-2012-2143 are fixed in PostgreSQL 8.4.12 (For Linux) | Linux |
| Vulnerabilities CVE-2012-2655,CVE-2012-2143 are fixed in PostgreSQL 8.3.19 (For Linux) | Linux |
| Postgresql-server update (ELSA-2024-10882) postgresql-server-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-pltcl update (ELSA-2024-10882) postgresql-pltcl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plpython update (ELSA-2024-10882) postgresql-plpython-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plperl update (ELSA-2024-10882) postgresql-plperl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-docs update (ELSA-2024-10882) postgresql-docs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-contrib update (ELSA-2024-10882) postgresql-contrib-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-test update (ELSA-2024-10882) postgresql-test-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| CVE-2012-2143 | NCM |
Patch Details
| Patch ID | Patch Description |
|---|---|
| PATCH-600003 | OS X Lion Update 10.7.5 (Client) |
| PATCH-600004 | OS X Lion Update 10.7.5 (Client Combo) |