Upstream information

CVE-2008-3188 at MITRE

Description

libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.2
Vector AV:L/AC:H/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 408719 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.0
  • libxcrypt >= 3.0-14.2
  • libxcrypt-32bit >= 3.0-14.2
  • libxcrypt-64bit >= 3.0-14.2
  • libxcrypt-devel >= 3.0-14.2