CVE-2020-28052

CVSSv4: NA | CVSSv3: 8.1 | CVSSv2: 6.8 | VMScore: 910 | EPSS: 0.0167 | KEV: Not Included
Published: 18/12/2020 Updated: 21/11/2024

Vulnerability Summary

An issue exists in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

Vulnerable Product

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.65

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.66

apache karaf 4.3.2

oracle banking corporate lending process management 14.2.0

oracle banking corporate lending process management 14.3.0

oracle banking corporate lending process management 14.5.0

oracle banking credit facilities process management 14.2.0

oracle banking credit facilities process management 14.3.0

oracle banking credit facilities process management 14.5.0

oracle banking extensibility workbench 14.2.0

oracle banking extensibility workbench 14.3.0

oracle banking extensibility workbench 14.5.0

oracle banking supply chain finance 14.2.0

oracle banking supply chain finance 14.3.0

oracle banking supply chain finance 14.5.0

oracle banking virtual account management 14.2.0

oracle banking virtual account management 14.3.0

oracle banking virtual account management 14.5.0

oracle blockchain platform

oracle commerce guided search 11.3.2

oracle communications application session controller 3.9m0p3

oracle communications cloud native core network slice selection function 1.2.1

oracle communications convergence 3.0.2.2.0

oracle communications pricing design center 12.0.0.3.0

oracle communications session report manager

oracle communications session route manager

oracle jd edwards enterpriseone tools

oracle peoplesoft enterprise peopletools 8.56

oracle peoplesoft enterprise peopletools 8.57

oracle peoplesoft enterprise peopletools 8.58

oracle utilities framework 4.3.0.6.0

oracle utilities framework 4.4.0.0.0

oracle utilities framework 4.4.0.2.0

oracle utilities framework 4.4.0.3.0

oracle webcenter portal 11.1.1.9.0

oracle webcenter portal 12.2.1.3.0

oracle webcenter portal 12.2.1.4.0

oracle communications messaging server 8.0.2

oracle communications messaging server 8.1

Vendor Advisories

Debian Bug report logs - #977683 bouncycastle: CVE-2020-28052. Package: src:bouncycastle; Maintainer for src:bouncycastle is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 18 Dec 2020 20:36:02 UTC; Severity: grave; Tags: patch, sec ...
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services. CVE-2020-1695, CVE-2020-1723, CVE-2020-1725, CVE-2020-10770, CVE-2020-14302, CVE-2020-15522, CVE-2020-25711, CVE-2020-27838, CVE-2020-28052, CVE-2020-28491, CVE-2021-3424, CVE-2021-3712, CVE-2021-20195, CVE-2021-20202, CVE-2021-20222, CVE-2021-20262, CVE-2021-21290, C ...

Github Repositories

A generative test that would've caught CVE-2020-28052

Generative testing bouncy castle vulnerability (CVE-2020-28052)

Running the tests

Test the vulnerable versions (defaults to 1.66):

$ clojure -M:test
$ clojure -M:test:v165

Test the versions before the vuln and after the patch (1.67):

$ clojure -M:test:v164
$ clojure -M:test:patched

Links www

github.com/bcgit/bc-java/wiki/CVE-2020-28052

./gradlew run
./gradlew build --refresh-dependencies

CWE: NVD-CWE-Other