CVE-2017-7252

Published: 13 April 2017

Botan’s implementation of the bcrypt password hashing scheme truncated long passwords at 56 characters instead of at bcrypt’s standard 72-character limit. Because the final password bytes were ignored, passwords with lengths between these two bounds could be cracked more easily than should be the case.
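The following check is an added example, not code from this advisory or from Botan: it measures how many leading password bytes a hash/verify pair actually uses, which is how a 56-byte truncation can be told apart from the standard 72-byte limit. All function names are assumptions, and `model_hasher` is a constructed SHA-256 stand-in (not bcrypt) used only to exercise the probe offline.

```python
import hashlib
import hmac
from typing import Callable, Tuple

HashFn = Callable[[bytes], bytes]
VerifyFn = Callable[[bytes, bytes], bool]


def significant_bytes(hash_pw: HashFn, verify: VerifyFn, probe_len: int = 80) -> int:
    """Return how many leading password bytes influence the stored hash."""
    baseline = b"A" * probe_len
    stored = hash_pw(baseline)
    if not verify(baseline, stored):
        raise RuntimeError("hasher does not verify its own output")
    for i in range(probe_len):
        # Change exactly one byte; if it still verifies, byte i was ignored.
        candidate = baseline[:i] + b"B" + baseline[i + 1:]
        if verify(candidate, stored):
            return i
    return probe_len  # every probed byte mattered


def classify(limit: int) -> str:
    """Map a measured limit onto the two bounds named in the advisory."""
    if limit == 72:
        return "standard bcrypt limit"
    if limit == 56:
        return "truncates at 56: matches CVE-2017-7252"
    return f"unexpected limit: {limit}"


def model_hasher(limit: int) -> Tuple[HashFn, VerifyFn]:
    """Constructed stand-in (SHA-256, NOT bcrypt) that ignores bytes past `limit`."""
    salt = b"constructed-demo-salt"

    def hash_pw(password: bytes) -> bytes:
        return hashlib.sha256(salt + password[:limit]).digest()

    def verify(password: bytes, stored: bytes) -> bool:
        return hmac.compare_digest(hash_pw(password), stored)

    return hash_pw, verify


if __name__ == "__main__":
    for name, limit in (("affected model", 56), ("fixed model", 72)):
        measured = significant_bytes(*model_hasher(limit))
        print(f"{name}: {measured} bytes -> {classify(measured)}")
```

To test a deployed library, pass its own hash and verify calls as the two callables in place of `model_hasher`.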

Notes

Author: sbeattie
Note: introduced in 1.11.0
Priority

Medium

Status

Package: botan1.10 (Launchpad, Ubuntu, Debian)

Release   Status
artful    Not vulnerable (code not present)
bionic    Not vulnerable (code not present)
precise   Does not exist (precise was needed)
trusty    Does not exist (trusty was not-affected [code not present])
upstream  Released (2.1.0)
vivid     Does not exist
xenial    Not vulnerable (code not present)
yakkety   Ignored (reached end-of-life)
zesty     Ignored (reached end-of-life)