Users of the PHP web scripting language have been warned off updating to the latest patch because of a bug that affects some cryptographic functions.
A bug report published four days after the release of version 5.3.7 highlighted the problem.
The report stated that the crypt function, which is used to hash a text string (in other words, map a large amount of information into something smaller), no longer worked properly in the new build.
"If crypt() is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH [block ciphers used in encryption] salts work as expected," the report stated.
The salt consists of random bits added to the hash that improve security by making it impossible for an attacker to crack all the passwords at once.
The developers of the PHP language have promised that the bug will be fixed in the next version, due shortly.
"Due to unfortunate issues with 5.3.7 users should wait with upgrading until 5.3.8 will be released (expected in few days)."
Have your say on this article
Newsletters
Latest stories from Security Technology
Latest videos
You may also like
Security Technology jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
