14 matches found

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2021-30241

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.3 | EPSS 0.02256
Exploits 0 | References 1
Tenable Nessus
added 2025/08/04 12:00 a.m., 2 views

Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.24 / 10.3.x < 10.3.7 / 10.4.x < 10.7.1 (JSDSERVER-16310)

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16310 advisory. - BCryptPasswordEncoder.matches(CharSequence, String) will incorrectly return true for passwords larger...

CVSS 7.4 | AI score 7.9 | EPSS 0.00522
Exploits 0 | References 2
RedHat Linux
added 2025/07/01 4:53 p.m., 6 views

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

CVSS 7.4 | AI score 7.1 | EPSS 0.00522
Exploits 0 | References 5
RedHat Linux
added 2025/07/01 2:56 p.m., 4 views

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

CVSS 7.4 | AI score 7.1 | EPSS 0.00522
Exploits 0 | References 5
RedHat Linux
added 2025/07/01 2:34 p.m., 1 view

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

CVSS 7.4 | AI score 7.1 | EPSS 0.00522
Exploits 0 | References 5
RedHat Linux
added 2025/04/02 8:19 p.m., 3 views

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

CVSS 7.4 | AI score 7.1 | EPSS 0.00522
Exploits 0 | References 5
OSV
added 2025/03/20 6:31 a.m., 4 views

GHSA-MG83-C7GQ-RV5C Spring Security Does Not Enforce Password Length

BCryptPasswordEncoder.matches(CharSequence, String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same...

CVSS 7.4 | AI score 7.1 | EPSS 0.00522
Exploits 0 | References 5
NVD
added 2022/01/25 8:15 p.m., 17 views

CVE-2021-43298

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until...

CVSS 9.8 | EPSS 0.02256
Exploits 0 | References 1
Prion
added 2022/01/25 8:15 p.m., 20 views

Design/Logic Flaw

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until...

CVSS 5 | AI score 9.7 | EPSS 0.02256
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/01/25 7:11 p.m., 15 views

CVE-2021-43298

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until...

AI score 9.9 | EPSS 0.02256
Exploits 0 | References 1
CVE
added 2022/01/25 7:11 p.m., 64 views

CVE-2021-43298

CVE-2021-43298 corresponds to a vulnerability in Embedthis GoAhead web server where the password check for HTTP Basic authentication does not use constant-time comparison and lacks rate-limiting, enabling an unauthenticated attacker to brute-force the password by timing responses. Connected sourc...

CVSS 9.8 | AI score 9.6 | EPSS 0.02256
Exploits 0 | References 1 | Affected Software 1
Veracode
added 2020/12/18 8:45 a.m., 29 views

Insecure Password Matching

bouncycastle is vulnerable to incorrect password matching. An attacker is able to pass an incorrect password and gets it accepted as a correct one due to a comparison error in the function OpenBSDBCrypt.checkPassword...

CVSS 8.1 | AI score 2.5 | EPSS 0.0714
Exploits 1 | References 44 | Affected Software 20
OSV
added 2020/12/18 1:15 a.m., 7 views

CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different...

CVSS 8.1 | AI score 7.9 | EPSS 0.0714
Exploits 1 | References 26
Microsoft KB
added 2014/03/11 12:00 a.m., 48 views

MS14-016: Vulnerability in Security Account Manager Remote (SAMR) protocol could allow security feature bypass: March 11, 2014

Resolves a vulnerability in Windows that could allow a security feature bypass if an attacker makes multiple attempts to match passwords to a username. Introduction: This update resolves a vulnerability in Windows that could allow a security feature bypass if an attacker makes multiple attempts to...

CVSS 5.4 | AI score 5.9 | EPSS 0.10167
Exploits 1