CVE-2020-28052

HIGH

Legion of the Bouncy Castle BC Java <1.67 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-28052. PoCs published by kurenaif and madstap.

AI-analyzed exploit summary

This PoC demonstrates a collision vulnerability in BouncyCastle's OpenBSDBCrypt password hashing algorithm (CVE-2020-28052), where different plaintexts produce the same hash. The code generates and checks password hashes to showcase the issue.

Description

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

Exploits (2)

nomisec WORKING POC
by kurenaif · poc
https://github.com/kurenaif/CVE-2020-28052_PoC

Classification
Working PoC 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: BouncyCastle (bcprov-jdk15on) versions before 1.68
No auth needed
Prerequisites: BouncyCastle library with vulnerable OpenBSDBCrypt implementation
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
nomisec WRITEUP
by madstap · poc
https://github.com/madstap/bouncy-castle-generative-test-poc

This repository provides instructions for testing CVE-2020-28052, an authentication bypass vulnerability in Bouncy Castle. It includes commands to test vulnerable and patched versions but does not contain actual exploit code.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: Bouncy Castle (versions 1.65, 1.66)
No auth needed
Prerequisites: Bouncy Castle library (vulnerable versions)
devstral-2 · analyzed Feb 16, 2026

References (26)

Core References (showing 8 of 26)

Release Notes, Vendor Advisory: https://www.bouncycastle.org/releasenotes.html
Patch, Third Party Advisory: https://www.oracle.com/security-alerts/cpuApr2021.html
Mitigation, Patch, Third Party Advisory: https://github.com/bcgit/bc-java/wiki/CVE-2020-28052
Patch, Third Party Advisory: https://www.oracle.com//security-alerts/cpujul2021.html
Patch, Third Party Advisory: https://www.oracle.com/security-alerts/cpuoct2021.html
Patch, Third Party Advisory: https://www.oracle.com/security-alerts/cpujan2022.html
Patch, Third Party Advisory: https://www.oracle.com/security-alerts/cpuapr2022.html
Patch, Third Party Advisory: https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 8.1
EPSS 0.0714
EPSS Percentile 93.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (46)
apache/karaf 4.3.2
bouncycastle/bc-java 1.65
bouncycastle/bc-java 1.66
oracle/banking_corporate_lending_process_management 14.2.0
oracle/banking_corporate_lending_process_management 14.3.0
oracle/banking_corporate_lending_process_management 14.5.0
oracle/banking_credit_facilities_process_management 14.2.0
oracle/banking_credit_facilities_process_management 14.3.0
oracle/banking_credit_facilities_process_management 14.5.0
oracle/banking_extensibility_workbench 14.2.0
... and 36 more
Published Dec 18, 2020
Tracked Since Feb 18, 2026