VULHUB ™

A weakness has been discovered in the way that the Apache 'htpasswd' utility generates salts. Specifically, the salt is generated based of the current system time. As a result, salts generated within the same second will be identical. This may pose a security weakness if the server were implementing default passwords and an attacker were capable of obtaining the contents of htpasswd.

A weakness has been discovered in the way that the Apache 'htpasswd' utility generates salts. Specifically, the salt is generated based of the current system time. As a result, salts generated within the same second will be identical. This may pose a security weakness if the server were implementing default passwords and an attacker were capable of obtaining the contents of htpasswd.