|Bouncy Castle API 1.65/1.66|
|Java/C# .NET applications|
- Google Messages
- Wish App
- Samsung Email
- Xiomi File Manager
- Amazon Alexa
- Applications using Bouncy Castle 1.65 or 1.66 are vulnerable to authentication bypass vulnerability.
- Attackers can bypass the authentication mechanism implemented by the affected Bouncy Castle library in the application.
- Authentication bypass can lead to unauthorized information disclosure
- Bcrypt hashing based authentications are widely used in web applications and APIs, this vulnerability compromises the security of such systems if not checked.