You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
dghgit edited this page Dec 17, 2020
·
3 revisions
Issue affecting: BC 1.65 and BC 1.66.
Fixed versions: BC 1.67 or later
Issue: CWE-1025: Comparison Using Wrong Factors
Do not use OpenBSDBCrypt.checkPassword() in either BC 1.65 or BC 1.66. The bug is quite insidious as it can create the impression the code is working. It is not and any usage for BC 1.65 or BC 1.66 needs to be removed.
If you have to use either BC 1.65 or BC 1.66 and you need to do password checking for OpenBSDBcrypt use the code given in the doCheckPassword() method in: