[Bug 1910] New: checkpw returns true when it shouldn't

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue May 31 04:34:22 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1910

           Summary: checkpw returns true when it shouldn't
           Product: jBCrypt
           Version: unspecified
          Platform: amd64
        OS/Version: Other
            Status: NEW
          Severity: security
          Priority: P2
         Component: Default
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: jfrobishow at gmail.com


On Windows 7 64 bits JRE 6

Simple POC in Test.java.

I hashed a given password, when using checkpw against the hash it
returns true (if the seed is slightly modified, in my case I added aaa
at the end).

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list