Vulnerability Details CVE-2017-7252
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.7%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2017-7252
-
cpe:2.3:a:botan_project:botan:1.11.0
-
cpe:2.3:a:botan_project:botan:1.11.1
-
cpe:2.3:a:botan_project:botan:1.11.10
-
cpe:2.3:a:botan_project:botan:1.11.11
-
cpe:2.3:a:botan_project:botan:1.11.12
-
cpe:2.3:a:botan_project:botan:1.11.13
-
cpe:2.3:a:botan_project:botan:1.11.14
-
cpe:2.3:a:botan_project:botan:1.11.15
-
cpe:2.3:a:botan_project:botan:1.11.16
-
cpe:2.3:a:botan_project:botan:1.11.17
-
cpe:2.3:a:botan_project:botan:1.11.18
-
cpe:2.3:a:botan_project:botan:1.11.19
-
cpe:2.3:a:botan_project:botan:1.11.2
-
cpe:2.3:a:botan_project:botan:1.11.20
-
cpe:2.3:a:botan_project:botan:1.11.21
-
cpe:2.3:a:botan_project:botan:1.11.22
-
cpe:2.3:a:botan_project:botan:1.11.23
-
cpe:2.3:a:botan_project:botan:1.11.24
-
cpe:2.3:a:botan_project:botan:1.11.25
-
cpe:2.3:a:botan_project:botan:1.11.26
-
cpe:2.3:a:botan_project:botan:1.11.27
-
cpe:2.3:a:botan_project:botan:1.11.28
-
cpe:2.3:a:botan_project:botan:1.11.29
-
cpe:2.3:a:botan_project:botan:1.11.3
-
cpe:2.3:a:botan_project:botan:1.11.30
-
cpe:2.3:a:botan_project:botan:1.11.31
-
cpe:2.3:a:botan_project:botan:1.11.32
-
cpe:2.3:a:botan_project:botan:1.11.33
-
cpe:2.3:a:botan_project:botan:1.11.34
-
cpe:2.3:a:botan_project:botan:1.11.4
-
cpe:2.3:a:botan_project:botan:1.11.5
-
cpe:2.3:a:botan_project:botan:1.11.6
-
cpe:2.3:a:botan_project:botan:1.11.7
-
cpe:2.3:a:botan_project:botan:1.11.8
-
cpe:2.3:a:botan_project:botan:1.11.9
-
cpe:2.3:a:botan_project:botan:2.0.0
-
cpe:2.3:a:botan_project:botan:2.0.1