First published: Sat Feb 28 2015
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mindrot Jbcrypt | <0.4 | |
Fedoraproject Fedora | =20 | |
Fedoraproject Fedora | =21 | |
Fedoraproject Fedora | =22 | |
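
To find stored hashes exposed to the overflow described above, the following added example (not code from jBCrypt or from this advisory) models the round count in Python and audits a credential list for the maximum exponent. It assumes the round count is computed as `1 << cost` in a signed 32-bit Java `int` and looped with `i < rounds`, which this page does not spell out; the function names and sample records are constructed for illustration.

```python
import re

# Modular-crypt bcrypt string: $2<minor>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")

def java_shl_int(value, shift):
    """Model Java's `int << shift`: count masked to 5 bits, result wrapped to signed 32 bits."""
    result = (value << (shift & 31)) & 0xFFFFFFFF
    return result - (1 << 32) if result & 0x80000000 else result

def effective_rounds(cost):
    """Iterations of the assumed loop `for (i = 0; i < rounds; i++)` with rounds = 1 << cost."""
    return max(java_shl_int(1, cost), 0)  # a negative bound means the body never runs

def audit(records):
    """Return (user, cost, finding) for each stored value that needs attention."""
    findings = []
    for user, stored in records:
        match = BCRYPT_RE.match(stored)
        if match is None:
            findings.append((user, None, "not a bcrypt hash"))
            continue
        cost = int(match.group(1))
        if not 4 <= cost <= 31:
            findings.append((user, cost, "cost outside bcrypt range"))
        elif effective_rounds(cost) == 0:
            findings.append((user, cost, "no key stretching: force reset and rehash"))
    return findings

# Constructed sample data: placeholder salt and digest, not real password hashes.
PLACEHOLDER = "." * 22 + "A" * 31
SAMPLE = [
    ("alice", "$2a$12$" + PLACEHOLDER),
    ("bob", "$2a$31$" + PLACEHOLDER),
    ("carol", "0" * 32),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Any hash flagged with cost 31 that was produced by jBCrypt before 0.4 should be replaced by a hash generated after upgrading, since the stored value cannot be strengthened in place.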