CVE-2020-28052

Published Dec 18, 2020
Last updated a year ago
CVSS high 8.1
Overview

Description: An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: NVD-CWE-Other
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.65:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2376544D-C966-4800-B6B6-B50E5EEAB485"
          },
          {
            "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.66:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53F165CD-778A-4EC6-B6EF-530988A13730"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:karaf:4.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39A638A5-E448-4516-A916-7D6E79168D1A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CF9A061-2421-426D-9854-0A4E55B2961D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F95EDC3D-54BB-48F9-82F2-7CCF335FCA78"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B72B735F-4E52-484A-9C2C-23E6E2070385"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B36A1D4-F391-4EE3-9A65-0A10568795BA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0275F820-40BE-47B8-B167-815A55DF578E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C8E145E-1DF0-4B18-B625-F04DF71F6ACF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EABAFD73-150F-4DFE-B721-29EB4475D979"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A45D47B-3401-49CF-92EE-79D007D802A9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A8420D4-AAF1-44AA-BF28-48EE3ED310B9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FB80AC5-35F2-4703-AD93-416B46972EEB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19DAAEFF-AB4A-4D0D-8C86-D2F2811B53B1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1534C11-E3F5-49F3-8F8D-7C5C90951E69"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D952E04D-DE2D-4AE0-BFE6-7D9B7E55AC80"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1111BCFD-E336-4B31-A87E-76C684AC6DE4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
            "versionEndExcluding": "21.1.2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "441FD998-ABE6-4377-AAFA-FEAE42352FE8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADE6EF8F-1F05-429B-A916-76FDB20CEB81"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B7C949D-0AB3-4566-9096-014C82FC1CF1",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0BDC1A4-FA97-4BF9-93B8-BA3E5775C475",
            "versionEndIncluding": "8.2.4",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E561CFF-BB8A-4CFD-916D-4410A9265922",
            "versionEndIncluding": "9.2.5.3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103"
          },
          {
            "criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E819270D-AA7D-4B0E-990B-D25AB6E46FBC"
          },
          {
            "criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
