FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bouncycastle15 -- bcrypt password checking vulnerability

Affected packages
1.65 <= bouncycastle15 < 1.67


VuXML ID 70e71a24-0151-11ec-bf0c-080027eedc6a
Discovery 2020-11-02
Entry 2021-08-20

The Bouncy Castle team reports:

The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.


CVE Name CVE-2020-28052