16 Şubat 2008 Cumartesi

Apache htpasswd Password Entropy Weakness

14:31  Vedat FETAH  Yorum Yapılmamış

Son günlerde çıkan iki önemli açıktan biri olacak nitelikte bir açık. Bu açık sayesinde exploit kullanmadan htpasswd dosyasının aşılabileceği belirtilmiştir. Bu açığın kapatılması yönünde apache yaması çıkmıştır. Sürümlerle ilgili yamaların bilgileri aşağıdaki adreslerden temin edilebilir...

Apache Software Foundation Apache 2.3.38-dev

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.2.5-dev

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.2.6-dev

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.2.7-dev

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.1

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.1.1

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.1.2

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.1.3

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.1.4

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.1.5

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.1.6

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.1.7

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.1.8

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.2 .0

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.2.2

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.2.3

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.2.4

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.2.5

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871


Apache Software Foundation Apache 2.2.6

* Apache patch_fix_to_the_htpasswd_salt_generation_weakness
http://issues.apache.org/bugzilla/attachment.cgi?id=12871
Kaynak: SecurityFocus

Etiket:

0 yorum:

Yorum Gönder

Paylaş

Twitter Delicious Facebook Digg Stumbleupon Favorites