bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
References
Link | Resource |
---|---|
https://botan.randombit.net/security.html | Vendor Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=1034591 | Issue Tracking |
Configurations
History
13 Nov 2023, 17:50
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.suse.com/show_bug.cgi?id=1034591 - Issue Tracking | |
References | (CONFIRM) https://botan.randombit.net/security.html - Vendor Advisory | |
First Time |
Botan Project
Botan Project botan |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:* | |
CWE | CWE-319 |
03 Nov 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-03 01:15
Updated : 2024-02-28 20:33
NVD link : CVE-2017-7252
Mitre link : CVE-2017-7252
CVE.ORG link : CVE-2017-7252
JSON object : View
Products Affected
botan_project
- botan
CWE
CWE-319
Cleartext Transmission of Sensitive Information