Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.mindrot:jbcrypt(Maven) | 0 | 0.4 | N/A |
CVSS Metrics
