Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt prior to 0.4 makes it easier for remote malicious users to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mindrot jbcrypt |
||
fedoraproject fedora 22 |
||
fedoraproject fedora 20 |
||
fedoraproject fedora 21 |