Re: [opensuse-factory] Yast using DES password hashing on recent Tumbleweed snapshots

On Thu, 2019-11-21 at 20:27 +0100, Fabian Vogt wrote:

I agree - this is a CVE worthy bug IMO. DES is like plaintext, but at least only the first eight bytes are affected... We have assigned CVE-2019-3700. https://bugzilla.opensuse.org/show_bug.cgi?id=CVE-2019-3700

Please reach out to security@suse.com if you come across vulnerabilities or exposures in openSUSE because we don't read every email on every mailing list. Best, Malte -- Malte Kraus Security Engineer PGP Key: 8AFC 3C58 6880 2DDD 4792 C3C2 FDBD 2984 D4C3 C2F0 SUSE Software Solutions Germany GmbH / Maxfeldstr. 5 / 90409 Nürnberg / Germany / (HRB 36809, AG Nürnberg) / Geschäftsführer: Felix Imendörffer