CVE-2017-7252

Metadata

medium
unknown
botan1.10
CVE-2017-7252
cve.mitre.org, botan.randombit.net
2017-04-13
2017-10-23 14:19
CVE-2017-7252 botan1.10
2017-07-20 21:31
2017-05-10 23:49
2017-04-14 10:21
2017-04-14 00:03

Description

Botan’s implementation of the bcrypt password hashing scheme truncated long passwords at 56 characters instead of at bcrypt’s standard 72-character limit. Passwords with lengths between these two bounds could be cracked more easily than should be the case, because the final password bytes were ignored.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched and the versions that are unaffected. If a patch is ready but unreleased, it is pending.

Affected package information

Release    Package      Patched in
artful     botan1.10    None
devel      botan1.10    None
trusty     botan1.10    None
xenial     botan1.10    None
zesty      botan1.10    None

Unaffected

Release                       Package      Reason
precise                       botan1.10    ignored
precise/esm                   botan1.10    DNE
vivid/stable-phone-overlay    botan1.10    DNE
vivid/ubuntu-core             botan1.10    DNE
yakkety                       botan1.10    ignored

Needs Triage

Release     Package      Reason
upstream    botan1.10    needs-triage