    1 vulnerability by mindrot.org

    JVNDB-2015-000033

    Vulnerability from jvndb - Published: 2015-02-27 14:03 - Updated: 2015-03-03 15:58
    Severity
    N/A (UNKNOWN) - -
    Summary
    Vulnerability in the jBCrypt key stretching process
    Details
    jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31. Norito AGETSUMA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000033.html",
      "dc:date": "2015-03-03T15:58+09:00",
      "dcterms:issued": "2015-02-27T14:03+09:00",
      "dcterms:modified": "2015-03-03T15:58+09:00",
      "description": "jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31.\r\n\r\nNorito AGETSUMA reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000033.html",
      "sec:cpe": {
        "#text": "cpe:/a:mindrot:jbcrypt",
        "@product": "jBCrypt",
        "@vendor": "mindrot.org",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000033",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN77718330/index.html",
          "@id": "JVN#77718330",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886",
          "@id": "CVE-2015-0886",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0886",
          "@id": "CVE-2015-0886",
          "@source": "NVD"
        },
        {
          "#text": "https://bugzilla.mindrot.org/show_bug.cgi?id=2097",
          "@id": "OpenSSH: Bugs  ([Bug 2097] if gensalt\u0027s log_rounds parameter is set to 31 it does 0 (ZERO) rounds!)",
          "@source": "Related document"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Vulnerability in the jBCrypt key stretching process"
    }