CWE-328
AllowedUse of Weak Hash
Abstraction: Base · Status: Draft
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
149 vulnerabilities reference this CWE, most recent first.
GHSA-PHCG-H58R-GMCQ
Vulnerability from github – Published: 2026-02-04 20:43 – Updated: 2026-02-04 20:43Impact
PCR14 is not included in the list of PCRs that seal/unseal the vault key. Additionally, the vault key uses SHA1 PCRs instead of SHA256. Thus an attacker with physical access can take out the disk, use a different computer to modify the files in the /config partition, and re-insert the disk and boot without the change being detected by measured boot and remote attestation.
Patches
Fixed in EVE version 9.4.3-lts
Workarounds
None (apart from preventing physical access to the device)
Resources
https://help.zededa.com/hc/en-us/articles/43295940828827-TPM-PCR-Index-Security-Implications https://github.com/lf-edge/eve/commit/d9383a7ee4e1c39f5c8c6d4a63cb2ebd00695e8a
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/lf-edge/eve"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20230126065759-d9383a7ee4e1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-43630"
],
"database_specific": {
"cwe_ids": [
"CWE-328",
"CWE-522"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-04T20:43:16Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nPCR14 is not included in the list of PCRs that seal/unseal the vault key. Additionally, the vault key uses SHA1 PCRs instead of SHA256.\nThus an attacker with physical access can take out the disk, use a different computer to modify the files in the /config partition, and re-insert the disk and boot without the change being detected by measured boot and remote attestation.\n\n### Patches\n\nFixed in EVE version 9.4.3-lts\n\n### Workarounds\n\nNone (apart from preventing physical access to the device)\n\n### Resources\n\nhttps://help.zededa.com/hc/en-us/articles/43295940828827-TPM-PCR-Index-Security-Implications\nhttps://github.com/lf-edge/eve/commit/d9383a7ee4e1c39f5c8c6d4a63cb2ebd00695e8a",
"id": "GHSA-phcg-h58r-gmcq",
"modified": "2026-02-04T20:43:16Z",
"published": "2026-02-04T20:43:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/lf-edge/eve/security/advisories/GHSA-phcg-h58r-gmcq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43630"
},
{
"type": "WEB",
"url": "https://github.com/lf-edge/eve/commit/d9383a7ee4e1c39f5c8c6d4a63cb2ebd00695e8a"
},
{
"type": "WEB",
"url": "https://asrg.io/security-advisories/config-partition-not-measured-from-2-fronts"
},
{
"type": "WEB",
"url": "https://asrg.io/security-advisories/cve-2023-43630"
},
{
"type": "PACKAGE",
"url": "https://github.com/lf-edge/eve"
},
{
"type": "WEB",
"url": "https://help.zededa.com/hc/en-us/articles/43295940828827-TPM-PCR-Index-Security-Implications"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "EVE Doesn\u0027t Measure Config Partition From 2 Fronts"
}
GHSA-PPR9-V8VC-4F6R
Vulnerability from github – Published: 2025-06-12 15:31 – Updated: 2025-06-12 15:31The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.
{
"affected": [],
"aliases": [
"CVE-2025-49197"
],
"database_specific": {
"cwe_ids": [
"CWE-328"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-12T15:15:39Z",
"severity": "MODERATE"
},
"details": "The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.",
"id": "GHSA-ppr9-v8vc-4f6r",
"modified": "2025-06-12T15:31:23Z",
"published": "2025-06-12T15:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49197"
},
{
"type": "WEB",
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PW38-3JFP-FW32
Vulnerability from github – Published: 2025-05-28 18:33 – Updated: 2025-05-28 18:33The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort.
{
"affected": [],
"aliases": [
"CVE-2025-48931"
],
"database_specific": {
"cwe_ids": [
"CWE-328"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-28T17:15:25Z",
"severity": "LOW"
},
"details": "The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort.",
"id": "GHSA-pw38-3jfp-fw32",
"modified": "2025-05-28T18:33:28Z",
"published": "2025-05-28T18:33:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48931"
},
{
"type": "WEB",
"url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q39M-5R2M-G8V4
Vulnerability from github – Published: 2026-06-04 18:30 – Updated: 2026-06-08 15:32GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.
{
"affected": [],
"aliases": [
"CVE-2026-36182"
],
"database_specific": {
"cwe_ids": [
"CWE-328"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T16:16:35Z",
"severity": "CRITICAL"
},
"details": "GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.",
"id": "GHSA-q39m-5r2m-g8v4",
"modified": "2026-06-08T15:32:43Z",
"published": "2026-06-04T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36182"
},
{
"type": "WEB",
"url": "https://github.com/BadChemical/IoT-Vulnerability-Research-Public/blob/main/GNCC-GP5-T23/README.md"
},
{
"type": "WEB",
"url": "http://gncc.com"
},
{
"type": "WEB",
"url": "http://gp5.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QQ37-7FRG-JXX4
Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-26 21:31Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak.
This issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.
{
"affected": [],
"aliases": [
"CVE-2025-41256"
],
"database_specific": {
"cwe_ids": [
"CWE-328"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-25T10:15:22Z",
"severity": "HIGH"
},
"details": "Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak.\n\n\n\n\n\n\n\nThis issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5.",
"id": "GHSA-qq37-7frg-jxx4",
"modified": "2025-06-26T21:31:10Z",
"published": "2025-06-26T21:31:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-688c-vjrc-84rv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41256"
},
{
"type": "WEB",
"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-02_Cyberduck_Mountain_Duck_Weak_Hash"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R3CW-C95M-WFH9
Vulnerability from github – Published: 2026-06-22 20:59 – Updated: 2026-06-22 20:59Summary
An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to login, allowing an unauthenticated attacker to impersonate arbitrary users without knowledge of the plaintext password. This issue stems from the absence of server-side validation of authentication state and reliance on attacker-controlled cookie data
Details
The vulnerability arises because the application accepts the client-supplied cookies named meye_password_hash and meye_username as sufficient authentication material. The server does not validate these values against a server-side session or enforce proper authentication checks before establishing an authenticated state. As a result, an unauthenticated attacker can set or modify these cookies to impersonate another user if the target username and corresponding hash are known.
These cookies normally appear after using the "switch user" functionality; however, they can be added manually prior to authentication using standard browser tools (e.g., developer tools or cookie editors) or dynamically loaded by submitting blank credentials. When supplied, the server accepts them and authenticates the attacker as the specified user bypassing the intended authentication flow
Additionally, the password-hash value and username for the admin account used by the application is stored in /etc/motioneye/motion.conf which is globally readable by default on the local system. This means any local user with shell access can obtain a valid hash and values and use them to impersonate the admin via the cookie manipulation described above. While local access is required to retrieve the hash, this significantly lowers the barrier to exploitation in multi-user environments.
PoC
Starting state unauthenticated with no cookies:
After manually adding or submitting blank credentials to get the cookies loaded:
Adding the credentials and refreshing the page gives us a valid session:
version information and session interaction validation
Impact
Authentication bypass
Who is impacted?
Any MotionEye deployment where attackers have access to a username and hash, and/or the /etc/motioneye/motion.conf file with the admin username and hash.
Potential consequences:
- Account lockouts
- Attacker persistence by changing the password
- Enumeration of data
- Destruction of data
- Exfiltration of data
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "motioneye"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.44.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46488"
],
"database_specific": {
"cwe_ids": [
"CWE-256",
"CWE-287",
"CWE-328",
"CWE-836"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-22T20:59:31Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Summary\nAn authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to login, allowing an unauthenticated attacker to impersonate arbitrary users without knowledge of the plaintext password. This issue stems from the absence of server-side validation of authentication state and reliance on attacker-controlled cookie data\n\n### Details\nThe vulnerability arises because the application accepts the client-supplied cookies named `meye_password_hash` and `meye_username` as sufficient authentication material. The server does not validate these values against a server-side session or enforce proper authentication checks before establishing an authenticated state. As a result, an unauthenticated attacker can set or modify these cookies to impersonate another user if the target username and corresponding hash are known.\n\nThese cookies normally appear after using the \"switch user\" functionality; however, they can be added manually prior to authentication using standard browser tools (e.g., developer tools or cookie editors) or dynamically loaded by submitting blank credentials. When supplied, the server accepts them and authenticates the attacker as the specified user bypassing the intended authentication flow\n\nAdditionally, the password-hash value and username for the admin account used by the application is stored in `/etc/motioneye/motion.conf` which is globally readable by default on the local system. This means any local user with shell access can obtain a valid hash and values and use them to impersonate the admin via the cookie manipulation described above. While local access is required to retrieve the hash, this significantly lowers the barrier to exploitation in multi-user environments. \n\n### PoC\nStarting state unauthenticated with no cookies:\n\u003cimg width=\"644\" height=\"475\" alt=\"start state\" src=\"https://github.com/user-attachments/assets/cf4aff78-65f7-4f67-99e2-9134c8f04277\" /\u003e\n\nAfter manually adding or submitting blank credentials to get the cookies loaded:\n\u003cimg width=\"643\" height=\"470\" alt=\"empty cookies\" src=\"https://github.com/user-attachments/assets/223878eb-f085-4ac5-a92a-2ac21831c594\" /\u003e\n\n\nAdding the credentials and refreshing the page gives us a valid session:\n\u003cimg width=\"641\" height=\"466\" alt=\"admin login with hash\" src=\"https://github.com/user-attachments/assets/94b350ef-dd32-4cae-8bd8-e48841873f79\" /\u003e\n\n\nversion information and session interaction validation\n\u003cimg width=\"643\" height=\"468\" alt=\"verison\" src=\"https://github.com/user-attachments/assets/94290ad6-4e82-4026-8e27-5374e2f3a631\" /\u003e\n\n\n### Impact\nAuthentication bypass\n\n### Who is impacted?\n\nAny MotionEye deployment where attackers have access to a username and hash, and/or the `/etc/motioneye/motion.conf` file with the admin username and hash.\n\nPotential consequences:\n\n- Account lockouts \n- Attacker persistence by changing the password\n- Enumeration of data\n- Destruction of data\n- Exfiltration of data",
"id": "GHSA-r3cw-c95m-wfh9",
"modified": "2026-06-22T20:59:31Z",
"published": "2026-06-22T20:59:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/motioneye-project/motioneye/security/advisories/GHSA-r3cw-c95m-wfh9"
},
{
"type": "PACKAGE",
"url": "https://github.com/motioneye-project/motioneye"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "motionEye: Authentication possible via password hash"
}
GHSA-RFF8-7PH7-XCHR
Vulnerability from github – Published: 2024-12-05 15:31 – Updated: 2025-02-27 18:31MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products:
ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01
{
"affected": [],
"aliases": [
"CVE-2024-48847"
],
"database_specific": {
"cwe_ids": [
"CWE-327",
"CWE-328"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-05T13:15:07Z",
"severity": "HIGH"
},
"details": "MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.01; \nNEXUS Series v3.08.01; \nMATRIX Series v3.08.01",
"id": "GHSA-rff8-7ph7-xchr",
"modified": "2025-02-27T18:31:02Z",
"published": "2024-12-05T15:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48847"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RFH5-GX7W-H7V7
Vulnerability from github – Published: 2025-04-15 06:30 – Updated: 2026-05-12 15:30A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
{
"affected": [],
"aliases": [
"CVE-2025-3576"
],
"database_specific": {
"cwe_ids": [
"CWE-328"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-15T06:15:44Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
"id": "GHSA-rfh5-gx7w-h7v7",
"modified": "2026-05-12T15:30:52Z",
"published": "2025-04-15T06:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576"
},
{
"type": "WEB",
"url": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359465"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-3576"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:9430"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:9418"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:8411"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15004"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15003"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15002"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15001"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15000"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13777"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:13664"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:11487"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RXX2-698Q-7R9Q
Vulnerability from github – Published: 2023-12-23 09:30 – Updated: 2023-12-23 09:30A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.
{
"affected": [],
"aliases": [
"CVE-2023-5962"
],
"database_specific": {
"cwe_ids": [
"CWE-327",
"CWE-328"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-23T09:15:08Z",
"severity": "MODERATE"
},
"details": "A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.\n\n",
"id": "GHSA-rxx2-698q-7r9q",
"modified": "2023-12-23T09:30:22Z",
"published": "2023-12-23T09:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5962"
},
{
"type": "WEB",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-235250-iologik-e1200-series-web-server-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V6J3-7JRW-HQ2P
Vulnerability from github – Published: 2022-05-17 04:59 – Updated: 2023-08-25 23:09Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "1.2.0"
},
{
"fixed": "1.2.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "1.3.0"
},
{
"fixed": "1.3.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jruby:jruby-parent"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2011-5036"
],
"database_specific": {
"cwe_ids": [
"CWE-328",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-27T16:12:55Z",
"nvd_published_at": "2011-12-30T01:55:00Z",
"severity": "MODERATE"
},
"details": "Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.",
"id": "GHSA-v6j3-7jrw-hq2p",
"modified": "2023-08-25T23:09:49Z",
"published": "2022-05-17T04:59:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5036"
},
{
"type": "WEB",
"url": "https://gist.github.com/52bbc6b9cc19ce330829"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2783"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/903934"
},
{
"type": "WEB",
"url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
},
{
"type": "WEB",
"url": "http://www.ocert.org/advisories/ocert-2011-003.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Rack Gem Subject to Denial of Service via Hash Collisions"
}
Mitigation MIT-51
- Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
- Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
- Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating their own call in order to generate a legitimate signature hash (as described in the notes), without knowledge of the secret token sometimes provided by the web service.
CAPEC-68: Subvert Code-signing Facilities
Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.