CVE-2017-7252
First published: Fri Nov 03 2023(Updated: )
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Botan | >=1.11.0<2.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2017-7252.
What is the severity of CVE-2017-7252?
CVE-2017-7252 has a severity level of 7.5 (high).
How does the vulnerability in Botan affect the password hashing?
The vulnerability in Botan affects the bcrypt password hashing, specifically passwords with a length between 57 and 72 characters.
What is the impact of this vulnerability?
The vulnerability makes it easier for attackers to determine the cleartext password.
Is there a fix available for CVE-2017-7252?
Yes, the fix is available in Botan version 2.1.0.
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/botan project
- canonical/botan
- version/botan/1.11.0