46 matches found
Use Of Predictable Salt
jasypt-spring-boot is vulnerable to Use of Predictable Salt. The vulnerability is due to the getSecretKeySaltGenerator implementation in SimpleGCMConfig.java, which can generate predictable salts for password hashing operations. This reduces the effectiveness of the one-way hash and may allow...
CVE-2026-9370
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
Use of a One-Way Hash with a Predictable Salt
Overview Affected versions of this package are vulnerable to Use of a One-Way Hash with a Predictable Salt in the getSecretKeySaltGenerator function of the Password Hash Handler component. An attacker can compromise the confidentiality of hashed secrets by exploiting the use of a predictable salt...
biz.devstack.springframework.boot:spring-boot-starter-api (>=1.0.0 <=1.2.1), biz.devstack:spring-boot-starter-api-quickstart (>=1.0.0 <=1.0.4) +654 more potentially affected by CVE-2026-9370 via com.github.ulisesbocchio:jasypt-spring-boot (>=3.0.4 <=4.0.4)
com.github.ulisesbocchio:jasypt-spring-boot MAVEN version =3.0.4, =1.0.0, =1.0.0, =1.0, =1.0.4 - cn.com.tltim.pigx:mybatis-enhance =5.0.0-20240820 - cn.com.tltim.pigx:pigx =5.0.0-20240820 - cn.com.tltim.pigx:pigx-common =5.0.0-20240820 - cn.com.tltim.pigx:pigx-common-audit =5.0.0-20240820 -...
CVE-2026-9370
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
CVE-2026-9370
CVE-2026-9370 affects ulisesbocchio jasypt-spring-boot up to versions 3.0.5/4.0.4. The vulnerability is in getSecretKeySaltGenerator within SimpleGCMConfig.java of the Password Hash Handler. The underlying issue is a manipulation that leads to the use of a one-way hash with a predictable salt. Th...
CVE-2026-9370 ulisesbocchio jasypt-spring-boot Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
CVE-2026-9370
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
EUVD-2026-31584
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
CVE-2026-9370 ulisesbocchio jasypt-spring-boot Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
CVE-2026-9370 ulisesbocchio jasypt-spring-boot Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
jasypt-spring-boot 安全漏洞
jasypt-spring-boot is an integration tool developed by Ulises Bocchio, a personal developer, that provides attribute encryption support for Spring Boot applications. There are security vulnerabilities in versions of jasypt-spring-boot 3.0.5 and earlier, as well as versions 4.0.4 and earlier. Thes...
PT-2026-42931
Name of the Vulnerable Software and Affected Versions ulisesbocchio jasypt-spring-boot versions prior to 3.0.6 ulisesbocchio jasypt-spring-boot versions prior to 4.0.5 Description A weakness in the Password Hash Handler component allows for the use of a one-way hash with a predictable salt. This...
EUVD-2022-5095
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2014-9970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jasypt before 1.9.2 allows a timing attack against the password hash comparison. CVE-2014-9970 Note that Nessus relies on the presence of the package as reporte...
GHSA-R5C2-RXH2-F5H2 Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
jasypt before 1.9.2 allows a timing attack against the password hash comparison...
au.net.causal.projo:projo (>=1.0 <=1.1), au.net.causal.projo:projo-jodatime (>=1.0 <=1.1) +1208 more potentially affected by CVE-2014-9970 via org.jasypt:jasypt (>=1.0 <=1.9.1)
org.jasypt:jasypt MAVEN version =1.0, =1.0, =1.0, =1.0, =1.0, =0.1, =0.1, =4.4-4, =6.0-2, =4.4-19, =4.4-5, =4.4-4, =4.4-4, =4.4-4, =4.4-4, =4.4-4, =4.5.1-rc-8 and more Source cves: CVE-2014-9970 Source advisory: OSV:GHSA-R5C2-RXH2-F5H2...
CVE-2014-9970
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison...
Timing Attack
jasypt is vulnerable to timing attacks. The attacks are possible because it uses Arrays.equals to verify passwords with different lengths, thereby revealing the time taken to compare the passwords...
jasypt: Vulnerable to timing attack against the password hash comparison
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison...