An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:21
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-12-18 01:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-28052
Mitre link : CVE-2020-28052
CVE.ORG link : CVE-2020-28052
JSON object : View
Products Affected
oracle
- peoplesoft_enterprise_peopletools
- banking_supply_chain_finance
- banking_credit_facilities_process_management
- communications_pricing_design_center
- utilities_framework
- communications_session_route_manager
- communications_cloud_native_core_network_slice_selection_function
- commerce_guided_search
- communications_application_session_controller
- banking_corporate_lending_process_management
- banking_virtual_account_management
- communications_messaging_server
- communications_session_report_manager
- blockchain_platform
- banking_extensibility_workbench
- webcenter_portal
- jd_edwards_enterpriseone_tools
- communications_convergence
bouncycastle
- legion-of-the-bouncy-castle-java-crytography-api
apache
- karaf
CWE