CVE: 2015-0886 found in jBCrypt - Version: 0.3m [JAVA]

[github-actions[bot]]

Veracode Software Composition Analysis

Attribute	Details
Library	jBCrypt
Description	OpenBSD-style Blowfish password hashing for Java
Language	JAVA
Vulnerability	Information Disclosure Of Password Hashes Through Crypt_raw
Vulnerability description	Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
CVE	2015-0886
CVSS score	5
Vulnerability present in version/s	0.3m-0.3m
Found library version/s	0.3m
Vulnerability fixed in version	0.4
Library latest version	0.4
Fix

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/4015?version=0.3m
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/1527
• Patch: https://github.com/jeremyh/jBCrypt/commit/e015c2c110ab7cf544400893f3543b45f359ff58