
How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

CVE-2025-68402 is an authentication bypass in the FreshRSS edge branch. It was introduced by changing the login nonce from a 40-character SHA-1 hex string to a 64-character SHA-256 hex string, which interacted badly with bcrypt's 72-byte input limit: the longer nonce pushed all password-dependent bcrypt data past the truncation boundary, so password_verify() returned true for any password until the concatenation order was fixed.
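To make the truncation arithmetic concrete, here is an added Python model (not FreshRSS code; it uses a SHA-256 stand-in for the password-dependent part instead of real bcrypt). It assumes the server hashes a nonce concatenated with a 60-character bcrypt string, whose first 29 characters (header and salt) do not depend on the password, and shows how many password-dependent bytes remain inside the 72-byte window for each nonce length and concatenation order.

```python
import hashlib

BCRYPT_INPUT_LIMIT = 72        # bytes; PHP's bcrypt silently truncates longer inputs
BCRYPT_HEADER = "$2y$10$"      # 7 bytes, identical for every hash at cost 10
SALT_LEN, DIGEST_LEN = 22, 31  # remaining fields of the 60-char bcrypt string

def nonce_for(algo: str) -> str:
    """Constructed nonce: sha1 -> 40 hex chars (old), sha256 -> 64 hex chars (new)."""
    return hashlib.new(algo, b"constructed-session-nonce").hexdigest()

def pseudo_bcrypt(password: str, salt: str) -> str:
    """Stand-in with the real bcrypt string layout (header + salt + digest).
    The 31-char digest is simulated with SHA-256; it is NOT a real bcrypt hash."""
    assert len(salt) == SALT_LEN
    digest = hashlib.sha256((salt + password).encode()).hexdigest()[:DIGEST_LEN]
    return BCRYPT_HEADER + salt + digest

def bcrypt_input(nonce: str, pw_hash: str, nonce_first: bool) -> bytes:
    """What bcrypt actually hashes: the concatenation cut at 72 bytes."""
    joined = nonce + pw_hash if nonce_first else pw_hash + nonce
    return joined.encode()[:BCRYPT_INPUT_LIMIT]

def digest_bytes_kept(nonce_len: int, nonce_first: bool) -> int:
    """How many of the 31 password-dependent digest chars survive truncation."""
    start = len(BCRYPT_HEADER) + SALT_LEN        # offset of the digest in the hash
    if nonce_first:
        start += nonce_len                       # nonce pushes the digest further out
    return max(0, min(DIGEST_LEN, BCRYPT_INPUT_LIMIT - start))

def inputs_collide(nonce: str, pw_a: str, pw_b: str, salt: str, nonce_first: bool) -> bool:
    """True when two different passwords yield the same truncated bcrypt input,
    i.e. password_verify() could not tell them apart."""
    return (bcrypt_input(nonce, pseudo_bcrypt(pw_a, salt), nonce_first)
            == bcrypt_input(nonce, pseudo_bcrypt(pw_b, salt), nonce_first))

if __name__ == "__main__":
    salt = "N9qo8uLOickgx2ZMRZoMye"  # constructed 22-char bcrypt-style salt
    for algo, nonce_first in (("sha1", True), ("sha256", True), ("sha256", False)):
        nonce = nonce_for(algo)
        kept = digest_bytes_kept(len(nonce), nonce_first)
        same = inputs_collide(nonce, "correct horse", "wrong password", salt, nonce_first)
        print(f"{len(nonce)}-char nonce, nonce {'first' if nonce_first else 'last'}: "
              f"{kept}/31 digest chars inside the 72-byte window; "
              f"different passwords indistinguishable: {same}")
```

With the 64-character nonce placed first, only the constant header and one salt character follow it inside the window, so every password produces the same bcrypt input; placing the password-dependent data first keeps all 31 digest characters within the limit.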