Common Weakness Enumeration

CWE-326

Allowed-with-Review

Inadequate Encryption Strength

Abstraction: Class · Status: Draft

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

631 vulnerabilities reference this CWE, most recent first.

GHSA-3276-P9F2-8Q89

Vulnerability from github – Published: 2022-04-21 01:57 – Updated: 2024-02-07 21:31
VLAI
Summary
TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function
Details

TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-frontend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-frontend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0"
            },
            {
              "fixed": "4.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2010-3670"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-07T21:31:25Z",
    "nvd_published_at": "2019-11-05T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the \"forgot password\" function.",
  "id": "GHSA-3276-p9f2-8q89",
  "modified": "2024-02-07T21:31:25Z",
  "published": "2022-04-21T01:57:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3670"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/typo3/commit/09ab77653161f23e266470a5984d4d5e64588355"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/typo3/commit/c03e944d200bf427bb18cad15f2ad36bc83061c9"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TYPO3-CMS/frontend"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2010-3670"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function"
}

GHSA-33J2-92XF-FWM3

Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2023-07-06 19:24
VLAI
Details

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-01T20:15:14Z",
    "severity": null
  },
  "details": "HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the\u00a0CKM_AES_CBC_PAD or\u00a0CKM_AES_CBC encryption mechanisms.\u00a0An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault\u2019s root key. Fixed in 1.13.2",
  "id": "GHSA-33j2-92xf-fwm3",
  "modified": "2023-07-06T19:24:19Z",
  "published": "2023-07-06T19:24:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2197"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-35HG-F9QQ-236G

Vulnerability from github – Published: 2023-10-17 15:30 – Updated: 2024-04-04 08:43
VLAI
Details

Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43776"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-261",
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-17T13:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).",
  "id": "GHSA-35hg-f9qq-236g",
  "modified": "2024-04-04T08:43:07Z",
  "published": "2023-10-17T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43776"
    },
    {
      "type": "WEB",
      "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-35M5-8CVJ-8783

Vulnerability from github – Published: 2021-11-10 16:28 – Updated: 2024-09-20 16:50
VLAI
Summary
Improper hashing in enrocrypt
Details

Impact

The vulnerability is we used MD5 hashing Algorithm In our hashing file. If anyone who is a beginner(and doesn't know about hashes) can face problems as MD5 is considered a Insecure Hashing Algorithm.

Patches

The vulnerability is patched in v1.1.4 of the product, the users can upgrade to version 1.1.4.

Workarounds

If u specifically want a version and don't want to upgrade, you can remove the MD5 hashing function from the file hashing.py and this vulnerability will be gone

References

https://www.cybersecurity-help.cz/vdb/cwe/916/ https://www.cybersecurity-help.cz/vdb/cwe/327/ https://www.cybersecurity-help.cz/vdb/cwe/328/ https://www.section.io/engineering-education/what-is-md5/ https://www.johndcook.com/blog/2019/01/24/reversing-an-md5-hash/

For more information

If you have any questions or comments about this advisory: * Open an issue in Enrocrypt's Official Repo * Create a Discussion in Enrocrypt's Official Repo

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "enrocrypt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-39182"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-327",
      "CWE-328",
      "CWE-916"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-08T18:58:04Z",
    "nvd_published_at": "2021-11-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe vulnerability is we used MD5 hashing Algorithm In our hashing file. If anyone who is a beginner(and doesn\u0027t know about hashes)  can face problems as MD5 is considered a Insecure Hashing Algorithm. \n\n### Patches\nThe vulnerability is patched in v1.1.4 of the product, the users can upgrade to version 1.1.4.\n\n### Workarounds\nIf u specifically want a version and don\u0027t want to upgrade, you can remove the `MD5` hashing function from the file `hashing.py` and this vulnerability will be gone\n\n### References\nhttps://www.cybersecurity-help.cz/vdb/cwe/916/\nhttps://www.cybersecurity-help.cz/vdb/cwe/327/\nhttps://www.cybersecurity-help.cz/vdb/cwe/328/\nhttps://www.section.io/engineering-education/what-is-md5/\nhttps://www.johndcook.com/blog/2019/01/24/reversing-an-md5-hash/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [**Enrocrypt\u0027s Official Repo**](http://www.github.com/Morgan-Phoenix/EnroCrypt)\n* Create a Discussion in  [**Enrocrypt\u0027s Official Repo**](http://www.github.com/Morgan-Phoenix/EnroCrypt)\n",
  "id": "GHSA-35m5-8cvj-8783",
  "modified": "2024-09-20T16:50:32Z",
  "published": "2021-11-10T16:28:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39182"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Morgan-Phoenix/EnroCrypt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/enrocrypt/PYSEC-2021-385.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Improper hashing in enrocrypt"
}

GHSA-36H5-VRQ6-PP34

Vulnerability from github – Published: 2026-01-13 14:53 – Updated: 2026-01-21 16:23
VLAI
Summary
Jervis's Salt for PBKDF2 derived from password
Details

Vulnerability

https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L869-L870

https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L894-L895

The salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key.

Impact

Pre-computation attacks.

Severity is considered low for internal uses of this library and high for consumers of this library.

Patches

Jervis will generate a random salt for each password and store it alongside the ciphertext.

Upgrade to Jervis 2.2.

Workarounds

None

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "net.gleske:jervis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-68703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-13T14:53:50Z",
    "nvd_published_at": "2026-01-13T20:16:07Z",
    "severity": "HIGH"
  },
  "details": "### Vulnerability\n\nhttps://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L869-L870\n\nhttps://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L894-L895\n\nThe salt is derived from sha256Sum(passphrase).  Two encryption operations with the same password will have the same derived key.\n\n### Impact\n\nPre-computation attacks.\n\nSeverity is considered low for internal uses of this library and high for consumers of this library.\n\n### Patches\n\nJervis will generate a random salt for each password and store it alongside the ciphertext.\n\nUpgrade to Jervis 2.2.\n\n### Workarounds\n\nNone\n\n### References\n\n- [NIST SP 800-132: Password-Based Key Derivation](https://csrc.nist.gov/publications/detail/sp/800-132/final)",
  "id": "GHSA-36h5-vrq6-pp34",
  "modified": "2026-01-21T16:23:01Z",
  "published": "2026-01-13T14:53:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/samrocketman/jervis/security/advisories/GHSA-36h5-vrq6-pp34"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68703"
    },
    {
      "type": "WEB",
      "url": "https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/samrocketman/jervis"
    },
    {
      "type": "WEB",
      "url": "https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L869-L870"
    },
    {
      "type": "WEB",
      "url": "https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L894-L895"
    },
    {
      "type": "WEB",
      "url": "http://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Jervis\u0027s Salt for PBKDF2 derived from password"
}

GHSA-39VM-P9MR-4R27

Vulnerability from github – Published: 2022-05-17 05:22 – Updated: 2024-09-12 21:05
VLAI
Summary
Beaker Sensitive Information Disclosure vulnerability
Details

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "beaker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-3458"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-01T10:58:46Z",
    "nvd_published_at": "2012-09-15T17:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.",
  "id": "GHSA-39vm-p9mr-4r27",
  "modified": "2024-09-12T21:05:41Z",
  "published": "2022-05-17T05:22:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3458"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809267"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bbangert/beaker"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/beaker/PYSEC-2012-1.yaml"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20140724164516/http://secunia.com/advisories/50226"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20140725025612/http://secunia.com/advisories/50520"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2541"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/13/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Beaker Sensitive Information Disclosure vulnerability"
}

GHSA-3F38-96QM-R3FW

Vulnerability from github – Published: 2023-11-09 18:34 – Updated: 2023-11-15 18:21
VLAI
Summary
esptool allows attackers to view sensitive information via weak cryptographic algorithm
Details

An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "esptool"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46894"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-09T22:10:33Z",
    "nvd_published_at": "2023-11-09T16:15:34Z",
    "severity": "HIGH"
  },
  "details": "An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.",
  "id": "GHSA-3f38-96qm-r3fw",
  "modified": "2023-11-15T18:21:59Z",
  "published": "2023-11-09T18:34:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46894"
    },
    {
      "type": "WEB",
      "url": "https://github.com/espressif/esptool/issues/926"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/espressif/esptool"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/esptool/PYSEC-2023-234.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "esptool allows attackers to view sensitive information via weak cryptographic algorithm"
}

GHSA-3GG4-V4M9-RJ55

Vulnerability from github – Published: 2024-01-24 00:30 – Updated: 2024-03-21 03:36
VLAI
Details

Lantronix XPort sends weakly encoded credentials within web request headers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7237"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-261",
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-23T22:15:16Z",
    "severity": "MODERATE"
  },
  "details": "\nLantronix XPort sends weakly encoded credentials within web request headers.\n\n",
  "id": "GHSA-3gg4-v4m9-rj55",
  "modified": "2024-03-21T03:36:24Z",
  "published": "2024-01-24T00:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7237"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-05"
    },
    {
      "type": "WEB",
      "url": "https://www.lantronix.com/products/xport-edge"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GQ3-5GQH-97P3

Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2022-05-17 02:57
VLAI
Details

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-2879"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-01T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.",
  "id": "GHSA-3gq3-5gqh-97p3",
  "modified": "2022-05-17T02:57:03Z",
  "published": "2022-05-17T02:57:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2879"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21997341"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96502"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3HJ5-HHQ7-F54X

Vulnerability from github – Published: 2022-05-14 03:47 – Updated: 2022-05-14 03:47
VLAI
Details

In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5298"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-08T08:29:00Z",
    "severity": "HIGH"
  },
  "details": "In the Procter \u0026 Gamble \"Oral-B App\" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.",
  "id": "GHSA-3hj5-hhq7-f54x",
  "modified": "2022-05-14T03:47:38Z",
  "published": "2022-05-14T03:47:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5298"
    },
    {
      "type": "WEB",
      "url": "https://1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Use an encryption scheme that is currently considered to be strong by experts in the field.

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-192: Protocol Analysis

An adversary engages in activities to decipher and/or decode protocol information for a network or application communication protocol used for transmitting information between interconnected nodes or systems on a packet-switched data network. While this type of analysis involves the analysis of a networking protocol inherently, it does not require the presence of an actual or physical network.

CAPEC-20: Encryption Brute Forcing

An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.