This repository has been archived by the owner on Oct 11, 2023. It is now read-only.
Check if jBCrypt contains vulnerability CVE-2011-2483; add support for $2y$ prefix. #8
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
There was a vulnerability in Openwall's crypt_blowfish implementation (used by Linux and PHP) - for details see: http://www.openwall.com/lists/announce/2011/07/17/1
Need to verify whether this issue affects the jBCrypt implementation used by cfPassphrase (and if so, add appropriate fix).
In either case, support for$2y$ prefix (and potentially $2x$ prefix) should be added.
The text was updated successfully, but these errors were encountered: