Vulnerability Database

CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, so an incorrect password could be reported as matching a previously hashed password that was different.

CVSS v3:

  • Severity: High
  • Score: 8.1
  • AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

| Software | From | Fixed in |
|---|---|---|
| apache / karaf | 4.3.2 | 4.3.2.x |
| oracle / peoplesoft_enterprise_peopletools | 8.56 | 8.56.x |
| oracle / webcenter_portal | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / webcenter_portal | 11.1.1.9.0 | 11.1.1.9.0.x |
| oracle / peoplesoft_enterprise_peopletools | 8.57 | 8.57.x |
| oracle / utilities_framework | 4.3.0.6.0 | 4.3.0.6.0.x |
| oracle / utilities_framework | 4.4.0.0.0 | 4.4.0.0.0.x |
| oracle / peoplesoft_enterprise_peopletools | 8.58 | 8.58.x |
| oracle / webcenter_portal | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / utilities_framework | 4.4.0.2.0 | 4.4.0.2.0.x |
| oracle / banking_extensibility_workbench | 14.3.0 | 14.3.0.x |
| oracle / banking_virtual_account_management | 14.3.0 | 14.3.0.x |
| oracle / banking_credit_facilities_process_management | 14.3.0 | 14.3.0.x |
| oracle / banking_corporate_lending_process_management | 14.3.0 | 14.3.0.x |
| oracle / communications_messaging_server | 8.1 | 8.1.x |
| oracle / commerce_guided_search | 11.3.2 | 11.3.2.x |
| oracle / communications_messaging_server | 8.0.2 | 8.0.2.x |
| oracle / utilities_framework | 4.4.0.3.0 | 4.4.0.3.0.x |
| oracle / communications_cloud_native_core_network_slice_selection_function | 1.2.1 | 1.2.1.x |
| oracle / communications_pricing_design_center | 12.0.0.3.0 | 12.0.0.3.0.x |
| oracle / communications_application_session_controller | 3.9m0p3 | 3.9m0p3.x |
| oracle / jd_edwards_enterpriseone_tools | - | 9.2.5.3.x |
| oracle / banking_virtual_account_management | 14.2.0 | 14.2.0.x |
| oracle / banking_virtual_account_management | 14.5.0 | 14.5.0.x |
| oracle / banking_supply_chain_finance | 14.2.0 | 14.2.0.x |
| oracle / banking_credit_facilities_process_management | 14.2.0 | 14.2.0.x |
| oracle / banking_credit_facilities_process_management | 14.5.0 | 14.5.0.x |
| oracle / banking_corporate_lending_process_management | 14.2.0 | 14.2.0.x |
| oracle / banking_corporate_lending_process_management | 14.5.0 | 14.5.0.x |
| oracle / communications_session_report_manager | 8.0.0 | 8.2.4.0.x |
| oracle / banking_supply_chain_finance | 14.5.0 | 14.5.0.x |
| oracle / banking_supply_chain_finance | 14.3.0 | 14.3.0.x |
| oracle / banking_extensibility_workbench | 14.2.0 | 14.2.0.x |
| oracle / banking_extensibility_workbench | 14.5.0 | 14.5.0.x |
| oracle / communications_session_route_manager | 8.2.0 | 8.2.4.x |
| oracle / communications_convergence | 3.0.2.2.0 | 3.0.2.2.0.x |
| oracle / blockchain_platform | - | 21.1.2 |
| org.bouncycastle / bcprov-jdk15to18 | 1.65 | 1.67 |
| org.bouncycastle / bcprov-jdk15 | 1.65 | 1.67 |
| org.bouncycastle / bcprov-jdk15on | 1.65 | 1.67 |
| org.bouncycastle / bcprov-ext-jdk15on | 1.65 | 1.67 |
| org.bouncycastle / bcprov-jdk14 | 1.65 | 1.67 |
| org.bouncycastle / bcprov-jdk16 | 1.65 | 1.67 |
| org.bouncycastle / bcprov-ext-jdk16 | 1.65 | 1.67 |
| bouncycastle / bc-java | 1.66 | 1.66.x |
| bouncycastle / bc-java | 1.65 | 1.65.x |