Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2015-0886
Last Modified 24 Sep 2015 01:03:34
Published 27 Feb 2015 09:59:35
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0886

Summary

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

Vulnerable Systems

Operating System

  • Fedoraproject Fedora 20

  • Fedoraproject Fedora 21

  • Fedoraproject Fedora 22

Application

  • Mindrot Jbcrypt 0.3


References

CONFIRM - https://bugzilla.mindrot.org/show_bug.cgi?id=2097

CONFIRM - http://www.mindrot.org/projects/jBCrypt/news/rel04.html

JVNDB - JVNDB-2015-000033

JVN - JVN#77718330

FEDORA - FEDORA-2015-2994

FEDORA - FEDORA-2015-3032

FEDORA - FEDORA-2015-3120


Last Updated: 27 May 2016 11:09:56