Common Weakness Enumeration

CWE-325

Allowed

Missing Cryptographic Step

Abstraction: Base · Status: Draft

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

91 vulnerabilities reference this CWE, most recent first.

GHSA-296V-W233-RG6J

Vulnerability from github – Published: 2023-07-05 21:30 – Updated: 2024-04-04 05:23
VLAI
Details

AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-05T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "\n AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.",
  "id": "GHSA-296v-w233-rg6j",
  "modified": "2024-04-04T05:23:59Z",
  "published": "2023-07-05T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34471"
    },
    {
      "type": "WEB",
      "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023006.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2G56-7JV7-WXXQ

Vulnerability from github – Published: 2022-05-14 01:37 – Updated: 2024-03-05 00:31
VLAI
Summary
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Details

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.1.0.0"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.owasp.esapi:esapi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0.0"
            },
            {
              "fixed": "2.1.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-5960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-08T19:39:44Z",
    "nvd_published_at": "2013-09-30T17:09:00Z",
    "severity": "MODERATE"
  },
  "details": "The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.",
  "id": "GHSA-2g56-7jv7-wxxq",
  "modified": "2024-03-05T00:31:04Z",
  "published": "2022-05-14T01:37:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5960"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ESAPI/esapi-java-legacy/issues/359"
    },
    {
      "type": "WEB",
      "url": "https://github.com/esapi/esapi-java-legacy/issues/306"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ESAPI/esapi-java-legacy/commit/b7cbc53f9cc967cf1a5a9463d8c6fef9ed6ef4f7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ESAPI/esapi-java-legacy"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ESAPI/esapi-java-legacy/blob/master/documentation/esapi4java-core-2.1.0.1-release-notes.txt"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/owasp-esapi-java/issues/detail?id=306"
    },
    {
      "type": "WEB",
      "url": "http://lists.owasp.org/pipermail/esapi-dev/2013-August/002285.html"
    },
    {
      "type": "WEB",
      "url": "http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/ESAPI-security-bulletin1.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Missing Cryptographic Step in OWASP Enterprise Security API for Java"
}

GHSA-2J43-X625-HW9Q

Vulnerability from github – Published: 2026-06-12 12:31 – Updated: 2026-06-12 12:31
VLAI
Details

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure against CVE-2026-0714. However, an omission in the authorization session configuration causes the parameter encryption to provide no effective protection. An attacker with invasive physical access to the device can still capture TPM communications on the SPI bus and derive the LUKS disk encryption key in plaintext. While successful exploitation results in full compromise of the encrypted disk volume, the attack requires invasive physical access, including opening the device and attaching external equipment to the SPI bus. Remote exploitation is not possible, and the attack does not affect any downstream systems.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-12T11:16:23Z",
    "severity": "HIGH"
  },
  "details": "A Missing Required Cryptographic Step vulnerability has been identified in Moxa\u0027s embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure against CVE-2026-0714. However, an omission in the authorization session configuration causes the parameter encryption to provide no effective protection.\u00a0An attacker with invasive physical access to the device can still capture TPM communications on the SPI bus and derive the LUKS disk encryption key in plaintext. While successful exploitation results in full compromise of the encrypted disk volume, the attack requires invasive physical access, including opening the device and attaching external equipment to the SPI bus. Remote exploitation is not possible, and the attack does not affect any downstream systems.",
  "id": "GHSA-2j43-x625-hw9q",
  "modified": "2026-06-12T12:31:34Z",
  "published": "2026-06-12T12:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9266"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-266240-cve-2026-9266-missing-required-cryptographic-step-vulnerability-in-industrial-computers"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2W8X-224X-785M

Vulnerability from github – Published: 2026-03-17 06:31 – Updated: 2026-03-25 14:36
VLAI
Summary
sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey
Details

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.8"
      },
      "package": {
        "ecosystem": "npm",
        "name": "sjcl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-4258"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-18T16:10:06Z",
    "nvd_published_at": "2026-03-17T06:16:18Z",
    "severity": "HIGH"
  },
  "details": "All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim\u0027s ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback.",
  "id": "GHSA-2w8x-224x-785m",
  "modified": "2026-03-25T14:36:28Z",
  "published": "2026-03-17T06:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4258"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bitwiseshiftleft/sjcl/commit/ee307459972442a17beebc29dc331fffd8aff796"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Kr0emer/2560f98edb10b0b34f2438cd63913c47"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bitwiseshiftleft/sjcl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bitwiseshiftleft/sjcl/blob/master/core/ecc.js#L454-L461"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-SJCL-15369617"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey"
}

GHSA-3CMQ-42W4-C529

Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2024-03-27 15:30
VLAI
Details

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line orCURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319",
      "CWE-325"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-29T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.",
  "id": "GHSA-3cmq-42w4-c529",
  "modified": "2024-03-27T15:30:35Z",
  "published": "2022-05-24T19:16:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22946"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1334111"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213183"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220121-0008"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20211029-0003"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3CXM-476W-GHM2

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-10 09:31
VLAI
Details

Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership.

Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r (a small prime factor of the cofactor (p−1)/q_local), and a public value Y of order r can recover the victim's private key after a small number of key exchange attempts.

When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the subgroup membership check Y^q ≡ 1 (mod p) is performed using the peer's own q parameter, not the local key's q. The peer's domain parameters are then matched against the domain parameters of the private key, but the value of q is not compared.

A malicious peer who presents an X9.42 key carrying the victim's p, g, a forged q = r (a small prime factor of the cofactor), and a public value Y of order r passes all checks. The shared secret then takes only r distinct values, leaking priv mod r. Repeating for each small-prime factor of the cofactor and combining via CRT recovers the full private key (Lim–Lee / small-subgroup-confinement attack).

The realistic attack surface is narrow: principally CMP deployments with long-lived RA/CA DHX keys and bespoke enterprise or government applications using X9.42 DHX static keys with interactive protocols and therefore this issue was assigned Low severity.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are affected by this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42770"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:08Z",
    "severity": "LOW"
  },
  "details": "Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42)\npeer key, the peer key is not properly checked for the subgroup membership.\n\nImpact summary: A malicious peer which presents an X9.42 key carrying the\nvictim\u0027s p and g parameters, a forged q = r (a small prime factor of the\ncofactor (p\u22121)/q_local), and a public value Y of order r can recover the\nvictim\u0027s private key after a small number of key exchange attempts.\n\nWhen EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the\nsubgroup membership check Y^q \u2261 1 (mod p) is performed using the peer\u0027s\nown q parameter, not the local key\u0027s q. The peer\u0027s domain parameters are\nthen matched against the domain parameters of the private key, but the value\nof q is not compared.\n\nA malicious peer who presents an X9.42 key carrying the victim\u0027s p, g,\na forged q = r (a small prime factor of the cofactor), and a public\nvalue Y of order r passes all checks. The shared secret then takes only\nr distinct values, leaking priv mod r. Repeating for each small-prime\nfactor of the cofactor and combining via CRT recovers the full private\nkey (Lim\u2013Lee / small-subgroup-confinement attack).\n\nThe realistic attack surface is narrow: principally CMP deployments with\nlong-lived RA/CA DHX keys and bespoke enterprise or government applications\nusing X9.42 DHX static keys with interactive protocols and therefore this\nissue was assigned Low severity.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are affected by this\nissue.",
  "id": "GHSA-3cxm-476w-ghm2",
  "modified": "2026-06-10T09:31:57Z",
  "published": "2026-06-09T18:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42770"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/3da5a516cd2635a320ff748503db2cef7c4b0f02"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/3ddbb7ab50bd93dfc59cbe08e269a67605aeebdb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/5f452bba2c681423d8fcffd120a19b757ee42e3c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/7fbfde7677ed8808828bf00ff01c937ca04bdda2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/ca2237ab5615641b662183b077f62c08d75e8070"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/security/commit/3da5a516cd2635a320ff748503db2cef7c4b0f02"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/security/commit/3ddbb7ab50bd93dfc59cbe08e269a67605aeebdb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/security/commit/5f452bba2c681423d8fcffd120a19b757ee42e3c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/security/commit/7fbfde7677ed8808828bf00ff01c937ca04bdda2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/security/commit/ca2237ab5615641b662183b077f62c08d75e8070"
    },
    {
      "type": "WEB",
      "url": "https://openssl-library.org/news/secadv/20260609.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JM5-8QWR-JVWM

Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2026-03-05 21:30
VLAI
Details

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325",
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-07T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
  "id": "GHSA-3jm5-8qwr-jvwm",
  "modified": "2026-03-05T21:30:23Z",
  "published": "2022-05-13T01:52:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2169"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4094-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4095-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4095-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4118-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4351-1"
    },
    {
      "type": "WEB",
      "url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/304725"
    },
    {
      "type": "WEB",
      "url": "http://www.cs.technion.ac.il/~biham/BT"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104879"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041432"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4FJV-PMHG-3RFG

Vulnerability from github – Published: 2020-12-04 16:47 – Updated: 2024-10-07 21:07
VLAI
Summary
Multiple cryptographic issues in Python oic
Details

Impact

  • Client implementations using this library

Issues

1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA none algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future)

Patches

1) IdToken signature is now always checked. 2) JWA none algorithm is now allowed only if using the response_type code 3) IdToken verification is now done automatically. 4) iat claim is now checked for sanity.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "oic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-12-02T20:06:06Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n* Client implementations using this library\n\n### Issues\n1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg.\n2) JWA `none` algorithm was allowed in all flows.\n3) `oic.consumer.Consumer.parse_authz` returns an unverified IdToken. The verification of the token was left to the discretion of the implementator.\n4) `iat` claim was not checked for sanity (i.e. it could be in the future)\n\n### Patches\n1) IdToken signature is now always checked.\n2) JWA `none` algorithm is now allowed only if using the `response_type` `code`\n3) IdToken verification is now done automatically.\n4) `iat` claim is now checked for sanity.",
  "id": "GHSA-4fjv-pmhg-3rfg",
  "modified": "2024-10-07T21:07:21Z",
  "published": "2020-12-04T16:47:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenIDC/pyoidc/security/advisories/GHSA-4fjv-pmhg-3rfg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26244"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenIDC/pyoidc/commit/62f8d753fa17c8b1f29f8be639cf0b33afb02498"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenIDC/pyoidc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenIDC/pyoidc/releases/tag/1.2.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/oic/PYSEC-2020-69.yaml"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/oic"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Multiple cryptographic issues in Python oic"
}

GHSA-4H44-W6FM-548G

Vulnerability from github – Published: 2020-07-29 16:15 – Updated: 2024-02-05 10:43
VLAI
Summary
Potential Remote Code Execution in TYPO3 with mediace extension
Details

Meta

  • CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (9.1)
  • CWE-325, CWE-20, CWE-200, CWE-502

Problem

It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.

  • TYPO3-CORE-SA-2020-007, CVE-2020-15099: Potential Privilege Escalation
  • the database server used for a TYPO3 installation must be accessible for an attacker (either via internet or shared hosting network)
  • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (7.5, high)
  • TYPO3-CORE-SA-2016-013, CVE-2016-5091: Insecure Deserialization & Remote Code Execution
  • an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (9.1, critical)

The overall severity of this vulnerability is critical (9.1) based on mentioned attack chains and the fact it does not require any privileges.

Solution

In case the extension is not used and required at all, it is suggested to uninstall and remove it from the system completely. Otherwise, an updated version 7.6.5 is available from the TYPO3 extension manager, Packagist and the TYPO3 extension repository:

  • https://extensions.typo3.org/extension/download/mediace/7.6.5/zip/
  • https://packagist.org/packages/friendsoftypo3/mediace#7.6.5

As a precautionary measure it is advised to change encryptionKey and database credentials in typo3conf/LocalConfiguration.php.

Credits

Thanks to TYPO3 security team member Oliver Hader who reported and fixed the issue.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "friendsoftypo3/mediace"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.6.2"
            },
            {
              "fixed": "7.6.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15086"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-200",
      "CWE-325",
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-07-29T16:09:56Z",
    "nvd_published_at": "2020-07-29T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "\u003e ### Meta\n\u003e * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (9.1)\n\u003e * CWE-325, CWE-20, CWE-200, CWE-502\n\n### Problem\nIt has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.\n\n* [TYPO3-CORE-SA-2020-007](https://typo3.org/security/advisory/typo3-core-sa-2020-007), [CVE-2020-15099](https://nvd.nist.gov/vuln/detail/CVE-2020-15099): Potential Privilege Escalation\n  + the database server used for a TYPO3 installation must be accessible for an attacker (either via internet or shared hosting network)\n  + `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (7.5, high)\n* [TYPO3-CORE-SA-2016-013](https://typo3.org/security/advisory/typo3-core-sa-2016-013), [CVE-2016-5091](https://nvd.nist.gov/vuln/detail/CVE-2016-5091): Insecure Deserialization \u0026 Remote Code Execution\n  + an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation\n  + `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (9.1, critical)\n\nThe overall severity of this vulnerability is critical (9.1) based on mentioned attack chains and the fact it does not require any privileges.\n\n### Solution\nIn case the extension is not used and required at all, it is suggested to uninstall and remove it from the system completely. Otherwise, an updated version 7.6.5 is available from the TYPO3 extension manager, Packagist and the TYPO3 extension repository:\n\n* https://extensions.typo3.org/extension/download/mediace/7.6.5/zip/\n* https://packagist.org/packages/friendsoftypo3/mediace#7.6.5\n\nAs a precautionary measure it is advised to change `encryptionKey` and database credentials in `typo3conf/LocalConfiguration.php`.\n\n### Credits\nThanks to TYPO3 security team member Oliver Hader who reported and fixed the issue.\n\n### References\n* [TYPO3-EXT-SA-2020-014](https://typo3.org/security/advisory/typo3-ext-sa-2020-014)",
  "id": "GHSA-4h44-w6fm-548g",
  "modified": "2024-02-05T10:43:51Z",
  "published": "2020-07-29T16:15:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfTYPO3/mediace/security/advisories/GHSA-4h44-w6fm-548g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15086"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfTYPO3/mediace/pull/31"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfTYPO3/mediace/commit/fa29ffd3e8b275782a8600d2406e1b1e5e16ae75"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsoftypo3/mediace/CVE-2020-15086.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FriendsOfTYPO3/mediace"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-ext-sa-2020-014"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Potential Remote Code Execution in TYPO3 with mediace extension"
}

GHSA-4R8R-CJR4-HVQR

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Missing cryptographic step in Windows CryptoAPI allows an authorized attacker to perform tampering locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-55144"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T17:17:09Z",
    "severity": "HIGH"
  },
  "details": "Missing cryptographic step in Windows CryptoAPI allows an authorized attacker to perform tampering locally.",
  "id": "GHSA-4r8r-cjr4-hvqr",
  "modified": "2026-07-14T18:32:10Z",
  "published": "2026-07-14T18:32:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55144"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55144"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-68: Subvert Code-signing Facilities

Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.