Search

Find a vulnerability

Search criteria

    1 vulnerability by mindrot.org

    JVNDB-2015-000033

    Vulnerability from jvndb - Published: 2015-02-27 14:03 - Updated:2015-03-03 15:58
    Severity
    N/A (UNKNOWN) - -
    Summary
    Vulnerability in the jBCrypt key stretching process
    Details
    jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31. Norito AGETSUMA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000033.html",
      "dc:date": "2015-03-03T15:58+09:00",
      "dcterms:issued": "2015-02-27T14:03+09:00",
      "dcterms:modified": "2015-03-03T15:58+09:00",
      "description": "jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31.\r\n\r\nNorito AGETSUMA reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000033.html",
      "sec:cpe": {
        "#text": "cpe:/a:mindrot:jbcrypt",
        "@product": "jBCrypt",
        "@vendor": "mindrot.org",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000033",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN77718330/index.html",
          "@id": "JVN#77718330",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886",
          "@id": "CVE-2015-0886",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0886",
          "@id": "CVE-2015-0886",
          "@source": "NVD"
        },
        {
          "#text": "https://bugzilla.mindrot.org/show_bug.cgi?id=2097",
          "@id": "OpenSSH: Bugs  ([Bug 2097] if gensalt\u0027s log_rounds parameter is set to 31 it does 0 (ZERO) rounds!)",
          "@source": "Related document"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Vulnerability in the jBCrypt key stretching process"
    }