Comparison Using Wrong Factors

CVE-2020-28052

High

8.1/10

Summary

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1025 - Comparison Using Wrong Factors

The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses.

References

Advisory
Release Note
Advisory

Advisory Timeline

Published Dec 18, 2020

Comparison Using Wrong Factors

CVE-2020-28052

Summary

CWE-1025 - Comparison Using Wrong Factors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS