[ https://issues.apache.org/jira/browse/TEZ-4458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mayank Kunwar updated TEZ-4458:
-------------------------------
Description: CVE-2020-28052 (HIGH severity) - An issue was discovered in
Legion of the Bouncy Castle BC Java 1.65 and 1.66. The
OpenBSDBCrypt.checkPassword utility method compared incorrect data when
checking the password, allowing incorrect passwords to indicate they were
matching with previously hashed ones that were different.
> Upgrade Bouncy Castle to 1.70 due to high CVEs
> ----------------------------------------------
>
> Key: TEZ-4458
> URL: https://issues.apache.org/jira/browse/TEZ-4458
> Project: Apache Tez
> Issue Type: Task
> Reporter: Mayank Kunwar
> Priority: Major
>
> CVE-2020-28052 (HIGH severity) - An issue was discovered in Legion of the
> Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility
> method compared incorrect data when checking the password, allowing incorrect
> passwords to indicate they were matching with previously hashed ones that
> were different.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)