#118 crypt(3) on FreeBSD is vunerable to CPU denial of service.

[Anonymous]

<p>In reading [http://www.freebsd.org/cgi/man.cgi?
query=crypt&apropos=0&sektion=3&manpath=FreeBSD+5.
2-RELEASE+and+Ports&format=html|FreeBSD's crypt(3)]
I get the impression that users whose username
match /^_/ trigger the DES Extended mode where the
next four characters indicate the number of loops to go.
A malicious user could login as _zzzz.... which would
have crypt() in confirmUser of [Everything/HTML.pm]
internally loop for 16007040 rounds. My guess is that it'd
be obnoxiously slow and easy to knock over a server this
way.</p><p>Similarly, usernames of the form /^\$\d\$/
trigger another mode and in this case the amount of the
username that is used is conditional on if there is
another dollar sign. A user like /^\$\d\$\$/ might be a
corner case for the libcrypt library.</p>