Use of Password Hash With Insufficient Computational Effort The advisory has been revoked - it doesn't affect any version of package bcrypt Open this link in a new tab

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUBY-BCRYPT-20009
published 31 Jan 2010
disclosed 31 Jan 2010
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 31 Jan 2010

CWE-916 Open this link in a new tab

Overview

bcrypt gem provides a simple wrapper for safely handling passwords. Affected versions of this Gem are vulnerable to Use of Password Hash With Insufficient Computational Effort attacks.

References

http://rubysec.com/advisories/OSVDB-62067
http://www.mindrot.org/files/jBCrypt/internat.adv