ALT-PU-2016-1073-1
Closed vulnerabilities
Published: 2015-02-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-0886
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
Severity: MEDIUM (5.0)
References:
- JVN#77718330
- JVN#77718330
- JVNDB-2015-000033
- JVNDB-2015-000033
- FEDORA-2015-3120
- FEDORA-2015-3120
- FEDORA-2015-3032
- FEDORA-2015-3032
- FEDORA-2015-2994
- FEDORA-2015-2994
- http://www.mindrot.org/projects/jBCrypt/news/rel04.html
- http://www.mindrot.org/projects/jBCrypt/news/rel04.html
- https://bugzilla.mindrot.org/show_bug.cgi?id=2097
- https://bugzilla.mindrot.org/show_bug.cgi?id=2097
- [cassandra-commits] 20210924 [jira] [Commented] (CASSANDRA-16990) Update jbcrypt library to 0.4 from 0.3m to resolve CVE-2015-0886
- [cassandra-commits] 20210924 [jira] [Commented] (CASSANDRA-16990) Update jbcrypt library to 0.4 from 0.3m to resolve CVE-2015-0886
- [cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-16990) Update jbcrypt library to 0.4 from 0.3m to resolve CVE-2015-0886
- [cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-16990) Update jbcrypt library to 0.4 from 0.3m to resolve CVE-2015-0886
- [cassandra-commits] 20210924 [jira] [Created] (CASSANDRA-16990) Update jbcrypt library to 0.4 from 0.3m to resolve CVE-2015-0886
- [cassandra-commits] 20210924 [jira] [Created] (CASSANDRA-16990) Update jbcrypt library to 0.4 from 0.3m to resolve CVE-2015-0886