Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
Serious Crypto Bug Found in PHP 5.3.7
Posted by Philipp Esselbach on: 08/22/2011 03:28 PM [ Print | 0 comment(s) ]
Threadpost reports that the maintainers of the PHP scripting language are warning users about a serious crypto problem in the latest release and advising them not to upgrade to PHP 5.3.7 until the bug is resolved.
PHP 5.3.7 was just released last week and that version contained fixes for a slew of security vulnerabilities. But now a serious flaw has been found in that new release that is related to the way that one of the cryptographic functions handles inputs. In some cases, when the crypt() function is called using MD5 salts, the function will return only the salt value instead of the salted hash value.
The problem does not occur when using Blowfish or DES, only with MD5. The initial bug report on the problem in the PHP system appeared Aug. 17, the day before the public stable release of PHP 5.3.7.
The problem does not occur when using Blowfish or DES, only with MD5. The initial bug report on the problem in the PHP system appeared Aug. 17, the day before the public stable release of PHP 5.3.7.
Serious Crypto Bug Found in PHP 5.3.7
Related Threads
07/15/2008 05:40 PM: Need some serious help (1) by Myke
01/22/2008 03:35 PM: 2 Serious Questions (7) by Shadow64Bt
05/20/2006 07:36 AM: IE and Outlook Express serious problem on XP (9) by migisukhoi
07/01/2005 05:29 AM: XP 'Your system has recovered from a serious error" (2) by Bahlin
01/14/2005 01:16 PM: FlashGet : a serious spyware threat? (4) by Tom-boy
11/11/2004 12:14 AM: Serious Problems : Installed But Can't Play It (1) by PhantomLotus
02/12/2005 04:25 AM: Re: Win2000 networking error or is it a serious bug!! (6) by wrenhal
10/25/2004 05:50 PM: The system has recovered from a serious system :( (3) by adamvjackson
09/26/2004 01:03 AM: Serious Problem (0) by HybridFreak
10/30/2004 12:30 PM: In need of serious help in running final fantasy 7 on win 2000 (3) by peterh
01/22/2008 03:35 PM: 2 Serious Questions (7) by Shadow64Bt
05/20/2006 07:36 AM: IE and Outlook Express serious problem on XP (9) by migisukhoi
07/01/2005 05:29 AM: XP 'Your system has recovered from a serious error" (2) by Bahlin
01/14/2005 01:16 PM: FlashGet : a serious spyware threat? (4) by Tom-boy
11/11/2004 12:14 AM: Serious Problems : Installed But Can't Play It (1) by PhantomLotus
02/12/2005 04:25 AM: Re: Win2000 networking error or is it a serious bug!! (6) by wrenhal
10/25/2004 05:50 PM: The system has recovered from a serious system :( (3) by adamvjackson
09/26/2004 01:03 AM: Serious Problem (0) by HybridFreak
10/30/2004 12:30 PM: In need of serious help in running final fantasy 7 on win 2000 (3) by peterh