exploitDog

CVE-2021-42583

Опубликовано: 28 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information.

Ссылки

https://github.com/foxcpp/maddy/blob/df40dce1284cd0fd0a9e8e7894029553d653d0a5/internal/auth/shadow/verify.go
Third Party Advisory
https://github.com/foxcpp/maddy/releases/tag/v0.5.2
Release Notes
Third Party Advisory
https://github.com/foxcpp/maddy/blob/df40dce1284cd0fd0a9e8e7894029553d653d0a5/internal/auth/shadow/verify.go
Third Party Advisory
https://github.com/foxcpp/maddy/releases/tag/v0.5.2
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:foxcpp:maddy:*:*:*:*:*:*:*:*

Версия до 0.5.2 (исключая)

EPSS

Процентиль: 36%

0.00148

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-5r5w-h76p-m726

github

около 4 лет назад

Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy

EPSS

Процентиль: 36%

0.00148

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-327