Vulnerability in the jBCrypt key stretching process


jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31.

Norito AGETSUMA reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

This analysis assumes that a remote attacker obtains the hash value through the network.
Affected Products

  • jBCrypt -0.3 and earlier


When the hash value for a password is obtained by a remote attacker, a brute force attack may be used to easily recover the password.

[Update the Software]
Update to the latest version according to the information provided by the developer.
Vendor Information

CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2015-0886

  1. JVN : JVN#77718330
  2. National Vulnerability Database (NVD) : CVE-2015-0886
  3. Related document : OpenSSH: Bugs ([Bug 2097] if gensalt's log_rounds parameter is set to 31 it does 0 (ZERO) rounds!)
Revision History

  Web page was published
  References : Content was added