[Bug 1910] New: checkpw returns true when it shouldn't
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue May 31 04:34:22 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1910
Summary: checkpw returns true when it shouldn't
Product: jBCrypt
Version: unspecified
Platform: amd64
OS/Version: Other
Status: NEW
Severity: security
Priority: P2
Component: Default
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: jfrobishow at gmail.com
On Windows 7 64 bits JRE 6
Simple POC in Test.java.
I hashed a given password, when using checkpw against the hash it
returns true (if the seed is slightly modified, in my case I added aaa
at the end).
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list