CVE-2025-22228

Опубликовано: 20 мар. 2025

Источник: debian

EPSS Низкий

Описание

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libspring-security-2.0-java	removed			package

EPSS

Процентиль: 27%

0.00093

Низкий

Связанные уязвимости

CVE-2025-22228

CVSS3: 7.4

redhat

9 месяцев назад

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

CVE-2025-22228

CVSS3: 7.4

nvd

9 месяцев назад

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

GHSA-mg83-c7gq-rv5c

CVSS3: 7.4

github

9 месяцев назад

Spring Security Does Not Enforce Password Length

EPSS

Процентиль: 27%

0.00093

Низкий