CVE-2020-28052: Improper Authentication in Bc-java

Severity: 8.1 HIGH (NVD)
EPSS: 4.1% (top 11.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 18; latest update Apr 15

Description

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages: 20 packages

Patches

🔴 Vulnerability Details (4)

GHSA
Logic error in Legion of the Bouncy Castle BC Java (2021-04-30)
OSV
Logic error in Legion of the Bouncy Castle BC Java (2021-04-30)
OSV
CVE-2020-28052: An issue was discovered in Legion of the Bouncy Castle BC Java 1 (2020-12-18)
CVEList
CVE-2020-28052: An issue was discovered in Legion of the Bouncy Castle BC Java 1 (2020-12-18)

📋 Vendor Advisories (10)

Oracle
Oracle Oracle Analytics Risk Matrix: Analytics Web General (Bouncy Castle Java Library) — CVE-2020-28052 (2023-04-15)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Installer (Bouncy Castle Java Library) — CVE-2020-28052 (2022-10-15)
Oracle
Oracle Oracle Commerce Risk Matrix: Framework, Experience Manager (Bouncy Castle Java Library) — CVE-2020-28052 (2022-07-15)
Oracle
Oracle Oracle Blockchain Platform Risk Matrix: BCS Console (Bouncy Castle Java Library) — CVE-2020-28052 (2022-04-15)
Oracle
Oracle Oracle Communications Applications Risk Matrix: Messaging (Bouncy Castle Java Library) — CVE-2020-28052 (2022-01-15)