Sha256: 32f643eb7d4696cedee6100061a710af392a4acba9704c9076c28c8e6960243e

Contents?: true

Size: 750 Bytes

Versions: 6

Compression:

Stored size: 750 Bytes

Contents

---
gem: bcrypt
platform: jruby
osvdb: 62067
url: http://www.mindrot.org/files/jBCrypt/internat.adv
title: bcrypt-ruby Gem for Ruby incorrect encoding of non US-ASCII characters (JRuby only)
date: 2010-02-01
description: |
  bcrypt-ruby Gem for Ruby suffered from a bug related to character
  encoding that substantially reduced the entropy of hashed passwords
  containing non US-ASCII characters. An incorrect encoding step
  transparently replaced such characters by '?' prior to hashing. In the
  worst case of a password consisting solely of non-US-ASCII characters,
  this would cause its hash to be equivalent to all other such passwords
  of the same length. This issue only affects the JRuby implementation.
patched_versions:
  - ">= 2.1.4"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/bcrypt/OSVDB-62067.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/bcrypt/OSVDB-62067.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/bcrypt/OSVDB-62067.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/bcrypt/OSVDB-62067.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/bcrypt/OSVDB-62067.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/bcrypt/OSVDB-62067.yml