Description

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error.

The default settings are not affected by this CVE.

Only in circumstances where the BCryptPasswordEncoder has been configured with the maximum work factor are affected. Due to current limitations in computer hardware, the use of such a high work factor is computationally impractical.

You need to be using BCrypt with a work factor of 31 to be impacted. You can check whether or not your passwords are impacted by using the following mitigation tool.

Affected Spring Products and Versions

• Spring Security
  • 5.5.x prior to 5.5.7
  • 5.6.x prior to 5.6.4
  • Earlier unsupported versions

Mitigation

Prior to updating to the latest, please update your BCryptPasswordEncoder to use a lower number of rounds. At the time of this writing, OWASP recommends a value of 10.

Then, use the above-referenced mitigation tool to update your password hashes.

Once your password hashes are updated, you should update your version according to the following: 5.5.x users should upgrade to 5.5.7, 5.6.x users should upgrade to 5.6.4, or users should upgrade to 5.7.0. After upgrading your Spring Security dependency, you should advise affected users to change their password.

A mitigation FAQ can also be found in the mitigation tool.

Releases that have fixed this issue include:

• Spring Security
  • 5.5.7
  • 5.6.4
  • 5.7.0

Credit

This issue was identified and responsibly reported by Eyal Kaspi.

References

• https://docs.spring.io/spring-security/site/docs/current/reference/html5/#authentication-password-storage
• https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:U/CR:M/IR:L/AR:L/MAV:L/MAC:H/MPR:H/MUI:N/MS:C/MC:H/MI:N/MA:N

History

• 2022-05-17: Initial vulnerability report published.