Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
References
Information
Published : 2015-02-27 18:59
Updated : 2021-09-24 06:15
NVD link : CVE-2015-0886
Mitre link : CVE-2015-0886
JSON object : View
CWE
CWE-190
Integer Overflow or Wraparound
Products Affected
fedoraproject
- fedora
mindrot
- jbcrypt