CVE-2020-28052
REJECTED
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
EPSS 4.10% · 88.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | bouncycastle | 1.68-5, 0, 1.68-2 |
| Ubuntu:20.04:LTS | bouncycastle | 1.61-1, 0 |
| Ubuntu:16.04:LTS | bouncycastle | 1.49+dfsg-3ubuntu1, 1.51-4ubuntu1, 0 |
| Ubuntu:24.04:LTS | bouncycastle | 1.77-1, 0, 1.72-2 |
| Ubuntu:25.10 | bouncycastle | 0, 1.77-1, 1.80-3 |
| Ubuntu:18.04:LTS | bouncycastle | 1.59-1, 1.58-1, 1.57-1 |
Exploit Intelligence
- kurenaif/CVE-2020-28052_PoC (github-poc)
- A generative test that would've caught CVE-2020-28052 (github-poc)
…and 21 more exploits
Timeline
- CVE Published
- Apr 14, 2021 EPSS Score
- May 29, 2021 EPSS Score
- Aug 10, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-28052 third-party-advisory
- https://github.com/bcgit/bc-java/wiki/CVE-2020-28052 third-party-advisory
- https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-28052 third-party-advisory