Authentication Bypass Vulnerability Patched in Bouncy Castle Library
2020-12-18 19:00

A high-severity authentication bypass vulnerability was recently addressed in the Bouncy Castle cryptography library.

Synopsys CyRC security researchers revealed this week that an authentication vulnerability they identified in the OpenBSDBcrypt class of the Java cryptography library could be abused to bypass password checks in applications relying on the library.

Successful exploitation of the vulnerability could result in authentication bypass, allowing the attacker to perform operations as a legitimate user, including an administrator.

According to the security researchers, an attacker needs to make brute-force password attempts until the bypass is triggered.

Bouncy Castle 1.67 was released on November 1, 2020, with patches for the vulnerability.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/OjdxxOCoua0/authentication-bypass-vulnerability-patched-bouncy-castle-library