Home

CVE-2020-28052

Description

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
3.06

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0Windows
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle-bcprov-jdk15on 1.67Windows
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle-bcprov-jdk15to18 1.67Windows
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle-bcprov-ext-jdk15on 1.67Windows
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle-bcprov-ext-jdk16 1.67Windows
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle-bcprov-jdk16 1.67Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.56Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58Windows
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle - bcprov-jdk14 1.67Windows
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle - bcprov-jdk15 1.67Windows
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-5.14.21-150400.24.49.3.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debugsource-5.14.21-150400.24.49.3.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-debuginfo-5.14.21-150400.24.49.3.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-5.14.21-150400.24.49.3.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-debugsource-5.14.21-150400.24.49.3.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-syms-5.14.21-150400.24.49.4.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-5.14.21-150400.24.49.3.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpmLinux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-devel-5.14.21-150400.24.49.4.noarch.rpmLinux
SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-docs-5.14.21-150400.24.49.4.noarch.rpmLinux
SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-macros-5.14.21-150400.24.49.4.noarch.rpmLinux
SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-source-5.14.21-150400.24.49.4.noarch.rpmLinux
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle-bcprov-jdk15on for Linux 1.67Linux
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle-bcprov-jdk15to18 for Linux 1.67Linux
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle-bcprov-ext-jdk15on for Linux 1.67Linux
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle-bcprov-ext-jdk16 for Linux 1.67Linux
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle-bcprov-jdk16 for Linux 1.67Linux
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle - bcprov-jdk14 for Linux 1.67Linux
Vulnerabilities CVE-2020-28052 are fixed in BouncyCastle - bcprov-jdk15 for Linux 1.67Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234