Bouncy Castle crypto authentication bypass vulnerability revealed

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The vulnerability (CVE-2020-28052) can allow an attacker to gain access to user or administrator accounts because of a cryptographic weakness in the way passwords are checked. The Bcrypt.doCheckPassword() function, which is responsible for performing a byte-by-byte password hash match, contains a logic error. As a result, on average 20% of tested passwords could be brute-forced within the first thousand attempts.

Source: https://www.bleepingcomputer.com/news/security/bouncy-castle-crypto-authentication-bypass-vulnerability-revealed/
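
The faulty comparison described above, shown beside a positional constant-time check, as an added example that is not Bouncy Castle's source code and not part of the original post. Per the public advisory for this CVE, the check looked up the first index of character codes 0 to 59 in each string instead of comparing the characters at positions 0 to 59. The class name, method names and both 60-character strings are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class BcryptCompareDemo {
    // Flawed pattern: String.indexOf(int) returns the first position of the
    // character whose code is i; it does not read the character at index i.
    // A bcrypt string only contains '$', '.', '/', digits and letters, so for
    // i in 0..59 only '$', '.', '/' and '0'-'9' are ever looked at.
    static boolean flawedEquals(String stored, String computed) {
        boolean isEqual = stored.length() == computed.length();
        for (int i = 0; i != stored.length(); i++) {
            isEqual &= (stored.indexOf(i) == computed.indexOf(i));
        }
        return isEqual;
    }

    // Corrected pattern: compare every byte by position, in constant time.
    static boolean safeEquals(String stored, String computed) {
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.US_ASCII),
                computed.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        // Constructed strings in bcrypt layout (7-char header, 22-char salt,
        // 31-char hash); they are not real password hashes.
        String header = "$2a$10$" + "abcdefghijklmnopqrstuv";
        String stored = header + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcde";
        String other = header + "edcbaZYXWVUTSRQPONMLKJIHGFEDCBA";

        System.out.println("flawed accepts mismatch: " + flawedEquals(stored, other));
        System.out.println("safe accepts mismatch:   " + safeEquals(stored, other));
        System.out.println("safe accepts identical:  " + safeEquals(stored, stored));
    }
}
```

Because the two constructed strings differ only in letters, the flawed check treats them as equal, while the positional comparison rejects the mismatch.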
