FreeBSD · FreeBSD · CVE-2012-2143
**Name of the Vulnerable Software and Affected Versions**
FreeBSD versions prior to 9.0-RELEASE-p2
**Description**
The issue is in the crypt_des (DES-based crypt) function, which does not process the complete cleartext password if the password contains a 0x80 character. This makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password. The problem is demonstrated by a Unicode password and affects products that use this function, such as PHP and PostgreSQL.
**Recommendations**
For FreeBSD versions prior to 9.0-RELEASE-p2, update to version 9.0-RELEASE-p2 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of passwords containing the 0x80 character until a patch is available.
Restrict access to authentication mechanisms that rely on the crypt_des function to minimize the risk of exploitation.
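To support the workaround above, the following added example (not part of the original advisory or of FreeBSD's code) checks candidate passwords for a 0x80 byte at password-set time and reports how many bytes would still be processed according to the description. It assumes the application passes the UTF-8 encoding of the password to the hashing function; the function names and sample passwords are constructed for illustration.

```python
# Added example: flag passwords whose encoded form contains the 0x80 byte
# named in the advisory. Assumption: the application hands the UTF-8
# encoding of the password to the DES-based crypt function.

TRIGGER = bytes([0x80])

# Constructed sample passwords (not from the advisory).
SAMPLES = [
    "correct horse",    # pure ASCII: no 0x80
    "pass\u00c0word",   # U+00C0 encodes as C3 80
    "caf\u00e9",        # U+00E9 encodes as C3 A9: no 0x80
    "it\u2019s-long",   # U+2019 (right single quote) encodes as E2 80 99
    "\u20ac100",        # U+20AC encodes as E2 82 AC: no 0x80
]


def first_trigger_offset(password, encoding="utf-8"):
    """Byte offset of the first 0x80 in the encoded password, or None."""
    idx = password.encode(encoding).find(TRIGGER)
    return None if idx == -1 else idx


def processed_prefix(password, encoding="utf-8"):
    """Bytes before the first 0x80, i.e. the part that is still processed
    according to the advisory's description."""
    data = password.encode(encoding)
    idx = data.find(TRIGGER)
    return data if idx == -1 else data[:idx]


def audit(passwords, encoding="utf-8"):
    """One finding per affected password. Findings carry only the list
    index and byte counts, never the password itself."""
    findings = []
    for i, pw in enumerate(passwords):
        off = first_trigger_offset(pw, encoding)
        if off is not None:
            findings.append({"index": i, "offset": off,
                             "total_bytes": len(pw.encode(encoding))})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

Whether a given character produces a 0x80 byte depends on the encoding in use, so the check must run on the same bytes that reach the hashing function.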