PT-2015-4942 · Owasp+1 · Bcrypt+1

Marcus Rathsfeld · Published 2015-02-28 · Updated 2026-05-18 · CVE-2015-0886

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
jBCrypt versions prior to 0.4

Description
The issue is an integer overflow in the crypt_raw method within the key-stretching implementation. It makes it easier for remote attackers to determine the cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

Recommendations
For versions prior to 0.4, update to version 0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to password hashes to minimize the risk of exploitation.
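
An added example, not code from jBCrypt or from this advisory: an audit helper that reads the cost exponent from stored bcrypt hashes and flags those at the maximum exponent for rehashing after the upgrade. It assumes the round count is computed as 1 << cost in a signed 32-bit integer and used as the bound of a "<" loop; the function names and the sample records are constructed for illustration.

```python
import re

# Modular Crypt Format of a bcrypt hash: $2a$NN$ + 53 chars, NN = cost exponent.
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST, MAX_COST = 4, 31  # cost range defined by bcrypt


def rounds_int32(cost):
    """Value of 1 << cost when stored in a signed 32-bit integer."""
    value = (1 << cost) & 0xFFFFFFFF
    return value - (1 << 32) if value & 0x80000000 else value


def stretch_iterations(cost):
    """Passes made by an assumed loop `for (i = 0; i < rounds; i++)`."""
    return max(rounds_int32(cost), 0)


def audit(lines):
    """Return (user, cost, status) for each 'user:hash' record."""
    report = []
    for line in lines:
        user, _, digest = line.strip().partition(":")
        match = BCRYPT_RE.match(digest)
        if not match:
            report.append((user, None, "not-bcrypt"))
            continue
        cost = int(match.group(1))
        if cost == MAX_COST:
            status = "rehash"        # maximum exponent: wrapped round count
        elif MIN_COST <= cost < MAX_COST:
            status = "ok"
        else:
            status = "invalid-cost"
        report.append((user, cost, status))
    return report


# Constructed sample records; the 53-character bodies are placeholders.
SAMPLE = [
    "alice:$2a$10$" + "." * 53,
    "bob:$2a$31$" + "." * 53,
    "carol:$2a$03$" + "." * 53,
    "dave:not-a-bcrypt-hash",
]

if __name__ == "__main__":
    for cost in (10, 30, 31):
        print(cost, rounds_int32(cost), stretch_iterations(cost))
    for row in audit(SAMPLE):
        print(row)
```

Records reported as "rehash" should be regenerated with a fixed library version at the user's next successful login.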

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1073
CLEANSTART-2026-GH89210
CVE-2015-0886
GHSA-9H6P-92JQ-888X

Affected Products

Alt Linux
Bcrypt