CWE-325
AllowedMissing Cryptographic Step
Abstraction: Base · Status: Draft
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
91 vulnerabilities reference this CWE, most recent first.
GHSA-H2WP-QQPW-35J4
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
{
"affected": [],
"aliases": [
"CVE-2026-58638"
],
"database_specific": {
"cwe_ids": [
"CWE-325"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:18:46Z",
"severity": "MODERATE"
},
"details": "Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.",
"id": "GHSA-h2wp-qqpw-35j4",
"modified": "2026-07-14T18:32:42Z",
"published": "2026-07-14T18:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58638"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58638"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H63V-HW6G-X8HP
Vulnerability from github – Published: 2024-12-09 21:31 – Updated: 2024-12-11 21:35due to a weakness in the encryption method used in cookie-encrypter an attack can use the world visible IV to edit encrypted cookies without decrypting the cookie itself. This is known as an AES CBC bit flipping attack.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "cookie-encrypter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-53441"
],
"database_specific": {
"cwe_ids": [
"CWE-325",
"CWE-327"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-11T21:35:13Z",
"nvd_published_at": "2024-12-09T20:15:20Z",
"severity": "HIGH"
},
"details": "due to a weakness in the encryption method used in cookie-encrypter an attack can use the world visible IV to edit encrypted cookies without decrypting the cookie itself. This is known as an AES CBC bit flipping attack.",
"id": "GHSA-h63v-hw6g-x8hp",
"modified": "2024-12-11T21:35:13Z",
"published": "2024-12-09T21:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53441"
},
{
"type": "WEB",
"url": "https://github.com/ebourmalo/cookie-encrypter/issues/9"
},
{
"type": "WEB",
"url": "https://crypto.stackexchange.com/questions/66085/bit-flipping-attack-on-cbc-mode"
},
{
"type": "WEB",
"url": "https://gist.github.com/mathysEthical/f45f1503f87381090e38a33c50eec971"
},
{
"type": "PACKAGE",
"url": "https://github.com/ebourmalo/cookie-encrypter"
},
{
"type": "WEB",
"url": "https://mathys.reboux.pro/CVE/2024/53441"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Bit flip attack vulnerability in cookie-encrypter"
}
GHSA-HCRG-QR57-HR37
Vulnerability from github – Published: 2025-05-22 15:34 – Updated: 2025-06-04 21:31Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
{
"affected": [],
"aliases": [
"CVE-2025-3938"
],
"database_specific": {
"cwe_ids": [
"CWE-325",
"CWE-327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-22T13:15:56Z",
"severity": "MODERATE"
},
"details": "Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.\u00a0Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.",
"id": "GHSA-hcrg-qr57-hr37",
"modified": "2025-06-04T21:31:09Z",
"published": "2025-05-22T15:34:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3938"
},
{
"type": "WEB",
"url": "https://docs.niagara-community.com/category/tech_bull"
},
{
"type": "WEB",
"url": "https://www.honeywell.com/us/en/product-security#security-notices"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HGW8-7XF9-389H
Vulnerability from github – Published: 2025-05-29 18:31 – Updated: 2025-05-29 18:31A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-5323"
],
"database_specific": {
"cwe_ids": [
"CWE-325"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-29T18:15:24Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-hgw8-7xf9-389h",
"modified": "2025-05-29T18:31:20Z",
"published": "2025-05-29T18:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5323"
},
{
"type": "WEB",
"url": "https://gist.github.com/superboy-zjc/31ecea91b304b8dd9871ad507467ca61"
},
{
"type": "WEB",
"url": "https://gist.github.com/superboy-zjc/31ecea91b304b8dd9871ad507467ca61#proof-of-concept"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.310493"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.310493"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.580256"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HHFG-FWRW-87W7
Vulnerability from github – Published: 2024-12-11 18:42 – Updated: 2024-12-11 18:42Summary
Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is verified if a source of signed time (such as an inclusion promise) is present, but is otherwise trusted if no source of signed time is present.
This does not affect "v1" bundles, as the "v1" bundle format always requires an inclusion promise.
Details
Sigstore uses signed time to support verification of signatures made against short-lived signing keys.
Impact
The impact and severity of this weakness is low, as Sigstore contains multiple other enforcing components that prevent an attacker who modifies the integration timestamp within a bundle from impersonating a valid signature. In particular, an attacker who modifies the integration timestamp can induce a Denial of Service, but in no different manner than already possible with bundle access (e.g. modifying the signature itself such that it fails to verify).
Separately, an attacker could upload a new entry to the transparency service, and substitute their new entry's time. However, this would still be rejected at validation time, as the new entry's (valid) signed time would be outside the validity window of the original signing certificate and would nonetheless render the attacker auditable.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "sigstore"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "3.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-55655"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-325"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-11T18:42:00Z",
"nvd_published_at": "2024-12-10T23:15:06Z",
"severity": "LOW"
},
"details": "### Summary\n\nVersions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the \"integration time\" present in \"v2\" and \"v3\" bundles during the verification flow: the \"integration time\" is verified *if* a source of signed time (such as an inclusion promise) is present, but is otherwise trusted if no source of signed time is present.\n\nThis does not affect \"v1\" bundles, as the \"v1\" bundle format always requires an inclusion promise.\n\n### Details\n\nSigstore uses signed time to support verification of signatures made against short-lived signing keys. \n\n### Impact\n\nThe impact and severity of this weakness is *low*, as Sigstore contains multiple other enforcing components that prevent an attacker who modifies the integration timestamp within a bundle from impersonating a valid signature. In particular, an attacker who modifies the integration timestamp can induce a Denial of Service, but in no different manner than already possible with bundle access (e.g. modifying the signature itself such that it fails to verify).\n\nSeparately, an attacker could upload a *new* entry to the transparency service, and substitute their new entry\u0027s time. However, this would still be rejected at validation time, as the new entry\u0027s (valid) signed time would be outside the validity window of the original signing certificate and would nonetheless render the attacker auditable.\n",
"id": "GHSA-hhfg-fwrw-87w7",
"modified": "2024-12-11T18:42:00Z",
"published": "2024-12-11T18:42:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/sigstore-python/security/advisories/GHSA-hhfg-fwrw-87w7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55655"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/sigstore-python/commit/300b502ae99ebfaace124f1f4e422a6a669369cf"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/sigstore-python"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/sigstore-python/releases/tag/v3.6.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "sigstore has insufficient validation of integration timestamp during verification"
}
GHSA-JCP9-796G-PV9P
Vulnerability from github – Published: 2022-05-17 03:56 – Updated: 2024-03-20 17:42The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.owasp.esapi:esapi"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-5679"
],
"database_specific": {
"cwe_ids": [
"CWE-325"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-07T23:29:01Z",
"nvd_published_at": "2013-09-30T17:09:00Z",
"severity": "LOW"
},
"details": "The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.",
"id": "GHSA-jcp9-796g-pv9p",
"modified": "2024-03-20T17:42:32Z",
"published": "2022-05-17T03:56:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5679"
},
{
"type": "WEB",
"url": "https://github.com/ESAPI/esapi-java-legacy/commit/41138fef5f63d9cf0d5e05d2bee2c7f682ffef3f"
},
{
"type": "PACKAGE",
"url": "https://github.com/ESAPI/esapi-java-legacy"
},
{
"type": "WEB",
"url": "http://code.google.com/p/owasp-esapi-java/issues/detail?id=306"
},
{
"type": "WEB",
"url": "http://lists.owasp.org/pipermail/esapi-dev/2013-August/002285.html"
},
{
"type": "WEB",
"url": "http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/ESAPI-security-bulletin1.pdf"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Missing Cryptographic Step in OWASP Enterprise Security API for Java"
}
GHSA-M5VR-3M74-JWXP
Vulnerability from github – Published: 2020-07-29 16:15 – Updated: 2021-11-19 15:43Meta
- CVSS:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C(8.2)- CWE-325, CWE-20, CWE-200, CWE-502
Problem
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.
- TYPO3-CORE-SA-2020-007, CVE-2020-15099: Potential Privilege Escalation
- the database server used for a TYPO3 installation must be accessible for an attacker (either via internet or shared hosting network)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C(7.5, high)- TYPO3-CORE-SA-2016-013, CVE-2016-5091: Insecure Deserialization & Remote Code Execution
- an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C(9.1, critical)
The overall severity of this vulnerability is high (8.2) based on mentioned attack chains and the requirement of having a valid backend user session (authenticated).
Solution
Update to TYPO3 versions 9.5.20 or 10.4.6 that fix the problem described.
Credits
Thanks to TYPO3 security team member Oliver Hader who reported and fixed the issue.
References
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.5.20"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.5.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-15098"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-200",
"CWE-325",
"CWE-327",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2020-07-29T16:14:21Z",
"nvd_published_at": "2020-07-29T17:15:00Z",
"severity": "HIGH"
},
"details": "\u003e ### Meta\n\u003e * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2)\n\u003e * CWE-325, CWE-20, CWE-200, CWE-502\n\n### Problem\nIt has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.\n\n* [TYPO3-CORE-SA-2020-007](https://typo3.org/security/advisory/typo3-core-sa-2020-007), [CVE-2020-15099](https://nvd.nist.gov/vuln/detail/CVE-2020-15099): Potential Privilege Escalation\n + the database server used for a TYPO3 installation must be accessible for an attacker (either via internet or shared hosting network)\n + `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (7.5, high)\n* [TYPO3-CORE-SA-2016-013](https://typo3.org/security/advisory/typo3-core-sa-2016-013), [CVE-2016-5091](https://nvd.nist.gov/vuln/detail/CVE-2016-5091): Insecure Deserialization \u0026 Remote Code Execution\n + an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation\n + `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (9.1, critical)\n\nThe overall severity of this vulnerability is **high (8.2)** based on mentioned attack chains and the requirement of having a valid backend user session (authenticated).\n\n### Solution\nUpdate to TYPO3 versions 9.5.20 or 10.4.6 that fix the problem described.\n\n### Credits\nThanks to TYPO3 security team member Oliver Hader who reported and fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2020-008](https://typo3.org/security/advisory/typo3-core-sa-2020-008)",
"id": "GHSA-m5vr-3m74-jwxp",
"modified": "2021-11-19T15:43:34Z",
"published": "2020-07-29T16:15:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5091"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15098"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-15098.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-15098.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/TYPO3/TYPO3.CMS"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2016-013"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2020-008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS"
}
GHSA-MR45-RX8Q-WCM9
Vulnerability from github – Published: 2023-10-31 21:19 – Updated: 2023-10-31 21:19Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts.
Problem Description
The nkeys library's "xkeys" encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key.
This affects encryption only, not signing.
FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY.
Affected versions
nkeys Go library: * 0.4.0 up to and including 0.4.5 * Fixed with nats-io/nkeys: 0.4.6
NATS Server: * 2.10.0 up to and including 2.10.3 * Fixed with nats-io/nats-server: 2.10.4
Solution
Upgrade the nats-server.
For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.
Credits
Problem reported by Quentin Matillat (GitHub @tinou98).
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.4.5"
},
"package": {
"ecosystem": "Go",
"name": "github.com/nats-io/nkeys"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.4.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.10.3"
},
"package": {
"ecosystem": "Go",
"name": "github.com/nats-io/nats-server/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46129"
],
"database_specific": {
"cwe_ids": [
"CWE-321",
"CWE-325"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-31T21:19:02Z",
"nvd_published_at": "2023-10-31T00:15:09Z",
"severity": "HIGH"
},
"details": "## Background\n\nNATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.\n\nThe cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts.\n\n## Problem Description\n\nThe nkeys library\u0027s \"xkeys\" encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key.\n\nThis affects encryption only, not signing. \nFIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY.\n\n## Affected versions\n\nnkeys Go library:\n * 0.4.0 up to and including 0.4.5\n * Fixed with nats-io/nkeys: 0.4.6\n\nNATS Server:\n * 2.10.0 up to and including 2.10.3\n * Fixed with nats-io/nats-server: 2.10.4\n\n## Solution\n\nUpgrade the nats-server. \nFor any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.\n\n## Credits\n\nProblem reported by Quentin Matillat (GitHub @tinou98).",
"id": "GHSA-mr45-rx8q-wcm9",
"modified": "2023-10-31T21:19:02Z",
"published": "2023-10-31T21:19:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46129"
},
{
"type": "WEB",
"url": "https://github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1"
},
{
"type": "PACKAGE",
"url": "https://github.com/nats-io/nkeys"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/10/31/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "xkeys seal encryption used fixed key for all encryption"
}
GHSA-MRHM-MR9G-WPX6
Vulnerability from github – Published: 2026-03-02 18:31 – Updated: 2026-03-02 18:31Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
{
"affected": [],
"aliases": [
"CVE-2025-47383"
],
"database_specific": {
"cwe_ids": [
"CWE-325"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-02T17:16:26Z",
"severity": "HIGH"
},
"details": "Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.",
"id": "GHSA-mrhm-mr9g-wpx6",
"modified": "2026-03-02T18:31:45Z",
"published": "2026-03-02T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47383"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P496-GR7F-4C2G
Vulnerability from github – Published: 2022-04-15 00:00 – Updated: 2022-04-23 00:03A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2.
{
"affected": [],
"aliases": [
"CVE-2022-1279"
],
"database_specific": {
"cwe_ids": [
"CWE-325"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-14T08:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2.",
"id": "GHSA-p496-gr7f-4c2g",
"modified": "2022-04-23T00:03:24Z",
"published": "2022-04-15T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1279"
},
{
"type": "WEB",
"url": "https://github.com/ebics-java/ebics-java-client/releases/tag/1.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-68: Subvert Code-signing Facilities
Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.