CVE-2017-7252
Summary
The bcrypt password hashing implementation in the Botan library, in versions prior to 2.1.0, does not properly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the original cleartext password.
IFF Assessment
FOE
This vulnerability makes it easier for attackers to crack affected password hashes, directly undermining the security of stored credentials.
Severity
7.5
High
Defender Context
This entry highlights the importance of keeping cryptographic libraries up to date so that known vulnerabilities are patched. Defenders should confirm that their systems use Botan version 2.1.0 or later and review their password hashing practices, especially if they rely on older versions of this library.