CVE-2017-15423

Summary

Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.

Affected Software

VendorProductVersion RangeStatus
n/aGoogle Chrome prior to 63.0.3239.84 unknownGoogle Chrome prior to 63.0.3239.84 unknownaffected

Weaknesses

  • Cryptographic Flaw

ADP Enrichment

CVE Program Container

Additional References

References