Integer overflow in the crypt_raw method in the key-stretching implementation in JBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
{ "nvd_published_at": "2015-02-28T02:59:00Z", "github_reviewed_at": "2022-07-06T20:28:22Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-190" ] }