Your submission was sent successfully! Close

CVE-2017-7252

Published: 13 April 2017

Botan’s implementation of bcrypt password hashing scheme truncated long passwords at 56 characters, instead of at bcrypt’s standard 72 characters limit. Passwords with lengths between these two bounds could be cracked more easily than should be the case due to the final password bytes being ignored.

Priority

Medium

Status

Package Release Status
botan1.10
Launchpad, Ubuntu, Debian
Upstream
Released (2.1.0)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])