Home > Vulnerability Database > CVE-2015-0886

Mend.io Vulnerability Database

CVE-2015-0886

Good to know:

Date: February 27, 2015

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

Language: Java

Severity Score

5.3

Related Resources (15)

Url: https://lists.apache.org/thread.html/rbd23e3ac8113b4da0a025c0e45170b6ec317383a1cf06090c2c717aa%40%3Ccommits.cassandra.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-0886

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151797.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151786.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151496.html

Url: https://bugzilla.mindrot.org/show_bug.cgi?id=2097

Url: http://www.mindrot.org/projects/jBCrypt/news/rel04.html

Url: http://jvndb.jvn.jp/jvndb/JVNDB-2015-000033

Url: https://lists.apache.org/thread.html/rd5c2256b8dc9935e4bb5e9be90adce58408054bb42523730a40c5548@%3Ccommits.cassandra.apache.org%3E

Url: https://lists.apache.org/thread.html/re330cfe9e5d84e3f7da8ace23ec32f38cb3fbd328bf177badd7ad942@%3Ccommits.cassandra.apache.org%3E

Url: https://lists.apache.org/thread.html/rbd23e3ac8113b4da0a025c0e45170b6ec317383a1cf06090c2c717aa@%3Ccommits.cassandra.apache.org%3E

Url: http://jvn.jp/en/jp/JVN77718330/index.html

Url: https://lists.apache.org/thread.html/re330cfe9e5d84e3f7da8ace23ec32f38cb3fbd328bf177badd7ad942%40%3Ccommits.cassandra.apache.org%3E

Url: https://lists.apache.org/thread.html/rd5c2256b8dc9935e4bb5e9be90adce58408054bb42523730a40c5548%40%3Ccommits.cassandra.apache.org%3E

Url: https://www.mend.io/vulnerability-database/CVE-2015-0886

Severity Score

5.3

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Top Fix

Upgrade Version

Upgrade to version org.mindrot:jbcrypt:0.4

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-0886

Good to know:

Date: February 27, 2015

Language: Java

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?