Sha256: 53eec5bb70a6219cb451870899973e4f7474cb010f4d9e0c231224acb7174f96

Contents?: true

Size: 818 Bytes

Versions: 6

Compression:

Stored size: 818 Bytes

Contents

---
gem: bcrypt-ruby
platform: jruby
osvdb: 62067
url: http://www.mindrot.org/files/jBCrypt/internat.adv
title: bcrypt-ruby Gem for Ruby incorrect encoding of non US-ASCII characters (JRuby only)
date: 2010-02-01
description: |
  bcrypt-ruby Gem for Ruby suffered from a bug related to character
  encoding that substantially reduced the entropy of hashed passwords
  containing non US-ASCII characters. An incorrect encoding step
  transparently replaced such characters by '?' prior to hashing. In the
  worst case of a password consisting solely of non-US-ASCII characters,
  this would cause its hash to be equivalent to all other such passwords
  of the same length. This issue only affects the JRuby implementation.

  This gem has been renamed. Please use "bcrypt" from now on.
patched_versions:
  - ">= 2.1.4"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/bcrypt-ruby/OSVDB-62067.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/bcrypt-ruby/OSVDB-62067.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/bcrypt-ruby/OSVDB-62067.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/bcrypt-ruby/OSVDB-62067.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/bcrypt-ruby/OSVDB-62067.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/bcrypt-ruby/OSVDB-62067.yml