3 matches found
CVE-2026-33306
A flaw was found in bcrypt-ruby, a Ruby binding for the OpenBSD bcrypt password hashing algorithm, specifically in its JRuby implementation. When the cost parameter is set to 31, an integer overflow occurs, causing the key-strengthening loop to execute zero iterations. This significantly weakens...
CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...
ecryptfs-utils: hard-coded passphrase salt
eCryptfs uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. By default, the wrapping key is hashed with the default fixed salt 0x0011223344556677. This update introduces the version 2 wrapped-passphrase file...