Test ID:	1.3.6.1.4.1.25623.1.0.103225
Category:	Web application abuses
Title:	PHP crypt() returns only the salt for MD5
Summary:	PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the; salt only.
Description:	Summary: PHP 5.3.7, if crypt()is executed with MD5 salts, the return value conists of the salt only. Affected Software/OS: PHP 5.3.7 is vulnerable. Solution: Updates are available. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3189 45678 http://secunia.com/advisories/45678 74726 http://osvdb.org/74726 APPLE-SA-2012-02-01-1 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html [oss-security] 20110823 CVE assignment - PHP salt flaw CVE-2011-3189 http://www.openwall.com/lists/oss-security/2011/08/23/4 http://support.apple.com/kb/HT5130 http://www.php.net/ChangeLog-5.php#5.3.8 http://www.php.net/archive/2011.php#id2011-08-23-1 https://bugs.gentoo.org/show_bug.cgi?id=380261 https://bugs.php.net/bug.php?id=55439 php-crypt-security-bypass(69429) https://exchange.xforce.ibmcloud.com/vulnerabilities/69429
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.