Описание
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
Ссылки
- Vendor Advisory
- Issue Tracking
- Vendor Advisory
- Issue Tracking
Уязвимые конфигурации
Конфигурация 1Версия от 1.11.0 (включая) до 2.1.0 (исключая)
cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.0009
Низкий
7.5 High
CVSS3
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 2 лет назад
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
CVSS3: 7.5
debian
больше 2 лет назад
bcrypt password hashing in Botan before 2.1.0 does not correctly handl ...
CVSS3: 7.5
github
больше 2 лет назад
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
EPSS
Процентиль: 26%
0.0009
Низкий
7.5 High
CVSS3
Дефекты
CWE-319