CVE-2022-22976

Severity: MEDIUM

Spring Security 5.5.x < 5.5.7 and 5.6.x < 5.6.4 - Integer Overflow in BCrypt Work Factor


Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-22976. PoCs published by spring-io.

AI-analyzed exploit summary: This repository provides a tool to scan and update BCrypt password hashes affected by CVE-2022-22976, where a work factor of 31 causes the salt to be skipped. It includes a sample application and utilities to check and remediate vulnerable hashes in a database.

Description

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.

Exploits (1)

nomisec · SCANNER · 1 star
by spring-io · poc
https://github.com/spring-io/cve-2022-22976-bcrypt-skips-salt

Classification: Scanner (95%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Spring Security with BCryptPasswordEncoder (work factor 31)
Authentication: No auth needed
Prerequisites: Access to password hashes in a database · Spring Security application using BCrypt with work factor 31
MITRE ATT&CK: (no techniques listed)
Analyzed by devstral-2 on Feb 16, 2026

References (3)

Core References (3)
- Mitigation, Vendor Advisory (x_refsource_misc): https://tanzu.vmware.com/security/cve-2022-22976
- Patch, Third Party Advisory (x_refsource_misc): https://www.oracle.com/security-alerts/cpujul2022.html
- Third Party Advisory (x_refsource_confirm): https://security.netapp.com/advisory/ntap-20220707-0003/

Scores

CVSS v3: 5.3
EPSS: 0.0036
EPSS Percentile: 58.7%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-190
Status: published
Products (6):
- netapp/active_iq_unified_manager (3 CPE variants)
- oracle/financial_services_crime_and_compliance_management_studio 8.0.8.2.0
- oracle/financial_services_crime_and_compliance_management_studio 8.0.8.3.0
- org.springframework.security/spring-security-core 5.2.0.RELEASE - 5.5.7 (Maven)
- vmware/spring_security 5.2.0
- vmware/spring_security 5.2.1 - 5.5.7
Published: May 19, 2022
Tracked Since: Feb 18, 2026