CVE-2006-0591

Name of the Vulnerable Software and Affected Versions crypt blowfish versions 0.4.7 and earlier

Description The issue affects the crypt gensalt functions for BSDI-style extended DES-based and FreeBSD-style MD5-based password hashes, causing salts to not be evenly and randomly distributed. This increases the likelihood of collisions, making it easier for attackers to guess passwords from a stolen password file.

Recommendations For versions 0.4.7 and earlier, consider implementing an alternative method for generating salts to improve password security until a fixed version is available. As a temporary workaround, restrict access to password files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.