Owasp · Bcrypt · CVE-2015-0886
**Name of the Vulnerable Software and Affected Versions**
jBCrypt versions prior to 0.4
**Description**
The issue is related to an integer overflow in the `crypt raw` method within the key-stretching implementation. This makes it easier for remote attackers to determine the cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
**Recommendations**
For versions prior to 0.4, update to version 0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to password hashes to minimize the risk of exploitation.