The vulnerability is we used MD5 hashing Algorithm In our hashing file. If anyone who is a beginner(and doesn’t know about hashes) can face problems as MD5 is considered a Insecure Hashing Algorithm.
The vulnerability is patched in v1.1.4 of the product, the users can upgrade to version 1.1.4.
If u specifically want a version and don’t want to upgrade, you can remove the MD5
hashing function from the file hashing.py
and this vulnerability will be gone
https://www.cybersecurity-help.cz/vdb/cwe/916/
https://www.cybersecurity-help.cz/vdb/cwe/327/
https://www.cybersecurity-help.cz/vdb/cwe/328/
https://www.section.io/engineering-education/what-is-md5/
https://www.johndcook.com/blog/2019/01/24/reversing-an-md5-hash/
If you have any questions or comments about this advisory: