GHSA-73xv-w5gp-frxh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-73xv-w5gp-frxh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-73xv-w5gp-frxh/GHSA-73xv-w5gp-frxh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-73xv-w5gp-frxh
- Aliases
- Published
- 2021-04-30T16:14:15Z
- Modified
- 2024-03-08T05:18:41.838529Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Logic error in Legion of the Bouncy Castle BC Java
- Details
-
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-28052
- https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219
- https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.bouncycastle.org/releasenotes.html
- https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E
- https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E
- https://github.com/bcgit/bc-java/wiki/CVE-2020-28052
- https://github.com/bcgit/bc-java
Affected packages
Maven / org.bouncycastle:bcprov-jdk15to18
Package
- Name
- org.bouncycastle:bcprov-jdk15to18
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk15to18
Maven / org.bouncycastle:bcprov-jdk15
Package
- Name
- org.bouncycastle:bcprov-jdk15
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk15
Maven / org.bouncycastle:bcprov-jdk15on
Package
- Name
- org.bouncycastle:bcprov-jdk15on
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk15on
Maven / org.bouncycastle:bcprov-ext-jdk15on
Package
- Name
- org.bouncycastle:bcprov-ext-jdk15on
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-ext-jdk15on
Maven / org.bouncycastle:bcprov-jdk14
Package
- Name
- org.bouncycastle:bcprov-jdk14
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk14
Maven / org.bouncycastle:bcprov-jdk16
Package
- Name
- org.bouncycastle:bcprov-jdk16
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-jdk16
Maven / org.bouncycastle:bcprov-ext-jdk16
Package
- Name
- org.bouncycastle:bcprov-ext-jdk16
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bouncycastle/bcprov-ext-jdk16