Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py
CVE-2021-39182

7.5HIGH

Key Information:

Vendor: Morgan-phoenix
Status: Enrocrypt
Vendor: CVE Published:; 8 November 2021

🔔 Create Morgan-phoenix Vulnerability Alert

What is CVE-2021-39182?

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the MD5 hashing function from the file hashing.py.

Affected Version(s)

EnroCrypt < 1.1.4

References

https://github.com/Morgan-Phoenix/EnroCrypt/security/advi...

x_refsource_CONFIRM

https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d5...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2021
Vulnerability Reserved
Aug 16, 2021

CVE-2021-39182 Data

JSON