📂 Vulnerable Library - jbcrypt-0.3m.jar
jBCrypt is a Java implementation of OpenBSD's Blowfish password hashing code, as described in A Future-Adaptable Password Scheme by Niels Provos and David Mazières, by Damien Miller.
Library home page: http://www.mindrot.org/
Path to dependency file: /app/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/mindrot/jbcrypt/0.3m/jbcrypt-0.3m.jar
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2015-0886 | 🟠 Medium | 6.9 | Not Defined | 2.6000001% | jbcrypt-0.3m.jar | Direct | org.mindrot:jbcrypt:0.4 | ✅ | Unreachable |
Details
🟠 CVE-2015-0886
Dependency Hierarchy:
- ❌ jbcrypt-0.3m.jar (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
Publish Date: Feb 28, 2015 02:00 AM
URL: CVE-2015-0886
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 2.6000001%
Score: 6.9
Suggested Fix
Type: Upgrade version
Origin: GHSA-9h6p-92jq-888x
Release Date: Feb 28, 2015 02:00 AM
Fix Resolution: org.mindrot:jbcrypt:0.4