CVE-2025-22228

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 7.4

EPSS Низкий

Описание

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

Ссылки

https://spring.io/security/cve-2025-22228
https://security.netapp.com/advisory/ntap-20250425-0009/

EPSS

Процентиль: 27%

0.00093

Низкий

7.4 High

CVSS3

Дефекты

CWE-287

Связанные уязвимости

CVE-2025-22228

CVSS3: 7.4

redhat

9 месяцев назад

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

CVE-2025-22228

CVSS3: 7.4

debian

9 месяцев назад

BCryptPasswordEncoder.matches(CharSequence,String)will incorrectly ret ...

GHSA-mg83-c7gq-rv5c

CVSS3: 7.4

github

9 месяцев назад

Spring Security Does Not Enforce Password Length

EPSS

Процентиль: 27%

0.00093

Низкий

7.4 High

CVSS3

Дефекты

CWE-287