"PHP 5.3.7 was just released last week and that version contained fixes
for a slew of security vulnerabilities. But now a serious flaw has been
found in that new release that is related to the way that one of the
cryptographic functions handles inputs. In some cases, when the crypt()
function is called using MD5 salts, the function will return only the
salt value instead of the salted hash value. The problem does not occur
when using Blowfish or DES, only with MD5."
PHP users are advised to hold off on upgrading until the issue has
been addressed. The above link claims that an intermediate release that
fixes the issue is available, and will be pushed as a new version very
Please reply back to this ticket if you found this security alert helpful.