CVE-2012-2143

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Published: 2012-07-05 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2012-2143 is rated Moderate Risk (52.2/100): CVSS Medium severity, with high exploitation likelihood (EPSS 5.73%, 92th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +2.74% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2012-2143

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 3.00% 5.73% +2.74%
2 2026-02-01 6.53% 3.00% -3.53%
3 2026-01-21 6.53%

Full EPSS history (18 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2012-2143

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
8.6 2.9 [email protected]

Weakness enumeration for CVE-2012-2143

OS Trackers for CVE-2012-2143

vendor priority summary link
gentoo normal CVE-2012-2143: 2 GLSA(s) (201209-03, 201209-24), 2 atom(s) (dev-db/postgresql-server, dev-lang/php); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2012-2143
redhat medium https://access.redhat.com/security/cve/CVE-2012-2143
ubuntu medium CVE-2012-2143 medium priority: Ubuntu including 5 source packages (php5, postgresql-8.2, postgresql-8.3, postgresql-8.4, postgresql-9.1), 41 status rows across 9 suites (hardy, lucid, maverick, natty, oneiric, precise, quantal, raring, upstream): DNE 18, released 13, not-affected 5, ignored 3, needs-triage 2. https://ubuntu.com/security/CVE-2012-2143

Affected software / configurations for CVE-2012-2143

Vendor Product Version Raw CPE
postgresql postgresql >= 8.3, < 8.3.19 cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
postgresql postgresql >= 8.4, < 8.4.12 cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
postgresql postgresql >= 9.0, < 9.0.8 cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
postgresql postgresql >= 9.1, < 9.1.4 cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
freebsd freebsd <= 9.0 cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
freebsd freebsd 1.0 cpe:2.3:o:freebsd:freebsd:1.0:*:*:*:*:*:*:*
freebsd freebsd 1.1 cpe:2.3:o:freebsd:freebsd:1.1:*:*:*:*:*:*:*
freebsd freebsd 1.1.5 cpe:2.3:o:freebsd:freebsd:1.1.5:*:*:*:*:*:*:*
freebsd freebsd 1.1.5.1 cpe:2.3:o:freebsd:freebsd:1.1.5.1:*:*:*:*:*:*:*
freebsd freebsd 2.0 cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*
freebsd freebsd 2.0.5 cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:*
freebsd freebsd 2.1 cpe:2.3:o:freebsd:freebsd:2.1:*:*:*:*:*:*:*
freebsd freebsd 2.1.5 cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*
freebsd freebsd 2.1.6 cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*
freebsd freebsd 2.1.7 cpe:2.3:o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*
freebsd freebsd 2.2 cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*
freebsd freebsd 2.2.1 cpe:2.3:o:freebsd:freebsd:2.2.1:*:*:*:*:*:*:*
freebsd freebsd 2.2.2 cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*
freebsd freebsd 2.2.5 cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*
freebsd freebsd 2.2.6 cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*
freebsd freebsd 2.2.7 cpe:2.3:o:freebsd:freebsd:2.2.7:*:*:*:*:*:*:*
freebsd freebsd 2.2.8 cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*
freebsd freebsd 3.0 cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*
freebsd freebsd 3.1 cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*
freebsd freebsd 3.2 cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*
freebsd freebsd 3.3 cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*
freebsd freebsd 3.4 cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*
freebsd freebsd 3.5 cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*
freebsd freebsd 4.0 cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*
freebsd freebsd 4.1 cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*
freebsd freebsd 4.1.1 cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*
freebsd freebsd 4.2 cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*
freebsd freebsd 4.3 cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*
freebsd freebsd 4.4 cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*
freebsd freebsd 4.5 cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*
freebsd freebsd 4.6 cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
freebsd freebsd 4.6.2 cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*
freebsd freebsd 4.7 cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*
freebsd freebsd 4.8 cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*
freebsd freebsd 4.9 cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*
freebsd freebsd 4.10 cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:*
freebsd freebsd 4.11 cpe:2.3:o:freebsd:freebsd:4.11:*:*:*:*:*:*:*
freebsd freebsd 5.0 cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*
freebsd freebsd 5.1 cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*
freebsd freebsd 5.2 cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*
freebsd freebsd 5.2.1 cpe:2.3:o:freebsd:freebsd:5.2.1:*:*:*:*:*:*:*
freebsd freebsd 5.3 cpe:2.3:o:freebsd:freebsd:5.3:*:*:*:*:*:*:*
freebsd freebsd 5.4 cpe:2.3:o:freebsd:freebsd:5.4:*:*:*:*:*:*:*
freebsd freebsd 5.5 cpe:2.3:o:freebsd:freebsd:5.5:*:*:*:*:*:*:*
freebsd freebsd 6.0 cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*
freebsd freebsd 6.1 cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*
freebsd freebsd 6.2 cpe:2.3:o:freebsd:freebsd:6.2:*:*:*:*:*:*:*
freebsd freebsd 6.3 cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*
freebsd freebsd 6.4 cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*
freebsd freebsd 7.0 cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*
freebsd freebsd 7.1 cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*
freebsd freebsd 7.2 cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:*
freebsd freebsd 7.3 cpe:2.3:o:freebsd:freebsd:7.3:*:*:*:*:*:*:*
freebsd freebsd 7.4 cpe:2.3:o:freebsd:freebsd:7.4:*:*:*:*:*:*:*
freebsd freebsd 8.0 cpe:2.3:o:freebsd:freebsd:8.0:*:*:*:*:*:*:*
freebsd freebsd 8.1 cpe:2.3:o:freebsd:freebsd:8.1:*:*:*:*:*:*:*
freebsd freebsd 8.2 cpe:2.3:o:freebsd:freebsd:8.2:*:*:*:*:*:*:*
freebsd freebsd 8.3 cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*
php php < 5.3.14 cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
php php >= 5.4.0, < 5.4.4 cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
debian debian_linux 6.0 cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

References for CVE-2012-2143

URL Tags
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34 Broken Link Patch
http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9 Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1037.html Third Party Advisory
http://secunia.com/advisories/49304 Broken Link Vendor Advisory
http://secunia.com/advisories/50718 Broken Link Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc Vendor Advisory
http://support.apple.com/kb/HT5501 Third Party Advisory
http://www.debian.org/security/2012/dsa-2491 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:092 Broken Link
http://www.postgresql.org/docs/8.3/static/release-8-3-19.html Vendor Advisory
http://www.postgresql.org/docs/8.4/static/release-8-4-12.html Vendor Advisory
http://www.postgresql.org/docs/9.0/static/release-9-0-8.html Vendor Advisory
http://www.postgresql.org/docs/9.1/static/release-9-1-4.html Vendor Advisory
http://www.postgresql.org/support/security/ Vendor Advisory
http://www.securitytracker.com/id?1026995 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=816956 Issue Tracking Third Party Advisory
cvelogic Threat Intelligence