Bugzilla – Bug 1180215
VUL-0: CVE-2020-28052: bouncycastle: OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password
Last modified: 2022-06-28 12:35:23 UTC
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66.
The OpenBSDBCrypt.checkPassword utility method compared incorrect data when
checking the password, allowing incorrect passwords to indicate they were
matching with previously hashed ones that were different.
ouch, bad one
Only versions BC 1.65 or BC 1.66 are affected, see:
Updated to version BC 1.67 in Factory:
No SLE code is affected.