CVE-2021-39182
CVE-2021-39182 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. EPSS estimates a 0.54% chance of exploitation in the next 30 days.
Description
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Enrocrypt Project | Enrocrypt | < 1.1.4 |
References
- https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
