CVE-2025-22228

Опубликовано: 20 мар. 2025

Источник: debian

Описание

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libspring-security-2.0-java	removed			package

Связанные уязвимости

CVE-2025-22228

CVSS3: 7.4

redhat

11 месяцев назад

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

CVE-2025-22228

CVSS3: 7.4

nvd

11 месяцев назад

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

GHSA-mg83-c7gq-rv5c

CVSS3: 7.4

github

11 месяцев назад

Spring Security Does Not Enforce Password Length