Описание
Spring Security Does Not Enforce Password Length
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.
Пакеты
org.springframework.security:spring-security-crypto
>= 6.3.0, < 6.3.8
6.3.8
org.springframework.security:spring-security-crypto
>= 6.4.0, < 6.4.4
6.4.4
org.springframework.security:spring-security-crypto
>= 6.2.0, <= 6.2.9
6.2.10
org.springframework.security:spring-security-crypto
>= 6.1.0, <= 6.1.13
6.1.14
org.springframework.security:spring-security-crypto
>= 6.0.0, <= 6.0.15
6.0.16
org.springframework.security:spring-security-crypto
>= 5.8.0, <= 5.8.17
5.8.18
org.springframework.security:spring-security-crypto
<= 5.7.15
5.7.16
Связанные уязвимости
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.
BCryptPasswordEncoder.matches(CharSequence,String)will incorrectly ret ...