CVE-2020-28052
published 2020-12-18

High 8.1 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

Affected

40 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | karaf | | |
| bouncycastle | bc-java | | |
| bouncycastle | bc-java | | |
| debian | bouncycastle | < bouncycastle 1.65-2 (bookworm) | bouncycastle 1.65-2 (bookworm) |
| oracle | banking_corporate_lending_process_management | | |
| oracle | banking_corporate_lending_process_management | | |
| oracle | banking_corporate_lending_process_management | | |
| oracle | banking_credit_facilities_process_management | | |
| oracle | banking_credit_facilities_process_management | | |
| oracle | banking_credit_facilities_process_management | | |
| oracle | banking_extensibility_workbench | | |
| oracle | banking_extensibility_workbench | | |
| oracle | banking_extensibility_workbench | | |
| oracle | banking_supply_chain_finance | | |
| oracle | banking_supply_chain_finance | | |
| oracle | banking_supply_chain_finance | | |
| oracle | banking_virtual_account_management | | |
| oracle | banking_virtual_account_management | | |
| oracle | banking_virtual_account_management | | |
| oracle | blockchain_platform | < 21.1.2 | 21.1.2 |
| oracle | commerce_guided_search | | |
| oracle | communications_application_session_controller | | |
| oracle | communications_cloud_native_core_network_slice_selection_function | | |
| oracle | communications_convergence | | |
| oracle | communications_messaging_server | | |

CVSS provenance

nvd: v3.1, 8.1 HIGH, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 8.1 HIGH