Use of Password Hash With Insufficient Computational Effort The advisory has been revoked - it doesn't affect any version of package bcrypt (opens in a new tab)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RUBY-BCRYPT-20009
published31 Jan 2010
disclosed31 Jan 2010
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 31 Jan 2010

CWE-916 (opens in a new tab)

Overview

bcrypt gem provides a simple wrapper for safely handling passwords. Affected versions of this Gem are vulnerable to Use of Password Hash With Insufficient Computational Effort attacks.

References

http://rubysec.com/advisories/OSVDB-62067
http://www.mindrot.org/files/jBCrypt/internat.adv