Lucene search
GoogleOSV:GHSA-6JVC-Q2X7-PCHVHistoryDec 28, 2022 - 12:30 a.m.
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field
2022-12-2800:30:23
Google
osv.dev
8
0.001 Low
EPSS
Percentile
19.4%
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/aws/aws-sdk-go | lt | 1.34.0 |
Related
github
github
ibm
ibm
prion
prion
Code injection
2022-12-27 22:15:00
osv
osv
Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go
2022-07-01 20:10:56
Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang
2022-02-11 23:26:12
wolfi
wolfi
CVE-2022-2582 vulnerabilities
2024-05-18 15:56:03
cvelist
cvelist
veracode
veracode
Information Disclosure
2023-01-07 20:13:42
ubuntucve
ubuntucve
CVE-2022-2582
2022-12-27 00:00:00
debiancve
debiancve
CVE-2022-2582
2022-12-27 22:15:00
cve
cve
CVE-2022-2582
2022-12-27 22:15:00
cgr
cgr
CVE-2022-2582 vulnerabilities
2024-05-18 15:53:42