Improper hashing in enrocrypt

2021-11-1016:28:46

Google

osv.dev

0.001 Low

EPSS

Percentile

48.0%

JSON

Impact

The vulnerability is we used MD5 hashing Algorithm In our hashing file. If anyone who is a beginner(and doesn’t know about hashes) can face problems as MD5 is considered a Insecure Hashing Algorithm.

Patches

The vulnerability is patched in v1.1.4 of the product, the users can upgrade to version 1.1.4.

Workarounds

If u specifically want a version and don’t want to upgrade, you can remove the MD5 hashing function from the file hashing.py and this vulnerability will be gone

References

https://www.cybersecurity-help.cz/vdb/cwe/916/
https://www.cybersecurity-help.cz/vdb/cwe/327/
https://www.cybersecurity-help.cz/vdb/cwe/328/
https://www.section.io/engineering-education/what-is-md5/
https://www.johndcook.com/blog/2019/01/24/reversing-an-md5-hash/

For more information

If you have any questions or comments about this advisory:

Open an issue in Enrocrypt’s Official Repo
Create a Discussion in Enrocrypt’s Official Repo

CPENameOperatorVersion
enrocrypteq1.0.7
enrocrypteq1.0.5
enrocrypteq1.1.2
enrocrypteq1.0.1
enrocrypteq1.0.2
enrocrypteq1.1.3
enrocrypteq1.0.0
enrocrypteq1.0.4
enrocrypteq1.0.6
enrocrypteq1.0.3

Name	Operator	Version
enrocrypt	eq	1.0.7
enrocrypt	eq	1.0.5
enrocrypt	eq	1.1.2
enrocrypt	eq	1.0.1
enrocrypt	eq	1.0.2
enrocrypt	eq	1.1.3
enrocrypt	eq	1.0.0
enrocrypt	eq	1.0.4
enrocrypt	eq	1.0.6
enrocrypt	eq	1.0.3