How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

hackerworkspace@infosec.exchange

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...

Pentesterlab (pentesterlab.com)

Short summary: https://hackerworkspace.com/article/how-strengthening-crypto-broke-authentication-freshrss-and-bcrypt-s-72-byte-limit

#encryption #cybersecurity #vulnerability