DEBIAN-CVE-2020-28052

DEBIAN-CVE-2020-28052 PUBLISHED CVSS 8.100000381469727 HIGH

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

Risk Scores

CVSS 3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:14	bouncycastle	0, 0, 0
Debian:11	bouncycastle	0, 0, 0
Debian:13	bouncycastle	0, 0, 0
Debian:12	bouncycastle	0, 0, 0

Exploit Intelligence

kurenaif/CVE-2020-28052_PoC (github-poc)
A generative test that would've caught CVE-2020-28052 (github-poc)
releasenotes.html (github-poc)
druid-612f0710.json (github-poc)

Timeline

Dec 18, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-28052 advisory

Open in Interactive Console →