
690 matches found

Prion
added 2021/12/15 6:15 p.m. · 7 views

Design/Logic Flaw

A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php...

CVSS 7.5 · AI score 9.3 · EPSS 0.00295
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2021/12/15 5:53 p.m. · 30 views

CVE-2021-42216

The CVE-2021-42216 entry concerns AnonAddy 0.8.5 with a broken or risky cryptographic algorithm in VerificationController.php. Affected software: AnonAddy (version 0.8.5). Vulnerable component: VerificationController.php; root cause: use of a broken or risky cryptographic algorithm. Impact (per C...

CVSS 9.8 · AI score 9.4 · EPSS 0.00295
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2021/12/15 5:53 p.m. · 12 views

CVE-2021-42216

A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php...

AI score 9.6 · EPSS 0.00295
Exploits: 1 · References: 3

Positive Technologies
added 2021/12/15 12:00 a.m. · 2 views

PT-2021-23559 · Anonaddy · Anonaddy

Name of the Vulnerable Software and Affected Versions: AnonAddy version 0.8.5
Description: A Broken or Risky Cryptographic Algorithm exists in the software via VerificationController.php.
Recommendations: For AnonAddy version 0.8.5, consider updating to a newer version that addresses the issue wi...

CVSS 9.8 · AI score 9.3 · EPSS 0.00295
Exploits: 1 · References: 6

Cvelist
added 2021/11/08 2:15 p.m. · 12 views

CVE-2021-39182 Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...

CVSS 7.5 · AI score 7.7 · EPSS 0.00079
Exploits: 1 · References: 2

Huntr
added 2021/10/05 2:26 p.m. · 13 views

Use of a Broken or Risky Cryptographic Algorithm in anonaddy/anonaddy

Description: MD5 and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data. Recent advances in cryptanalysis have discovered weaknesses in both algorithms. Consequently, MD5 and SHA-1 should no longer be relied upon to verify the authenticity...

AI score 0.2
Exploits: 0 · References: 2

Huntr
added 2021/10/01 4:28 p.m. · 8 views

Use of a Broken or Risky Cryptographic Algorithm in froxlor/froxlor

Description: Froxlor uses microtime to seed uniqid which is then hashed to produce a session token, microtime can be reasonably brute-forced/predicted, thus allowing for a relatively large-scale account-takeover attack or accurate targeted ones. Both microtime and uniqid are cryptographically...

AI score 3.5
Exploits: 0

NVD
added 2021/09/27 8:15 p.m. · 9 views

CVE-2021-41096

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...

CVSS 7.5 · EPSS 0.00148
Exploits: 0 · References: 2

Prion
added 2021/09/27 8:15 p.m. · 11 views

Security feature bypass

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...

CVSS 5 · AI score 7.5 · EPSS 0.00148
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2021/09/27 7:25 p.m. · 14 views

CVE-2021-41096 Use of a Broken or Risky Cryptographic Algorithm in com.mayank.rucky

Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...

CVSS 7.5 · AI score 7.7 · EPSS 0.00148
Exploits: 0 · References: 2

CVE
added 2021/09/27 7:25 p.m. · 38 views

CVE-2021-41096

The CVE-2021-41096 entry concerns the Rucky Android USB HID Rubber Ducky Launch Pad. Affected releases (versions 2.2 and earlier for release builds; 425 and earlier for nightly builds) use a weak cryptographic algorithm (RSA/ECB/PKCS1Padding) for encryption. The issue is addressed in v2.3 for rel...

CVSS 7.5 · AI score 7.5 · EPSS 0.00148
Exploits: 0 · References: 2 · Affected Software: 1

Redos
added 2021/09/08 12:00 a.m. · 18 views

ROS-2-1002

2.1002 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code. FSTEC Russia Information Security Threats Data Bank...

CVSS 8.1 · AI score 8.2 · EPSS 0.00145
Exploits: 0

Redos
added 2021/09/08 12:00 a.m. · 26 views

ROS-2-619

2.619 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code. FSTEC Russia Information Security Threats Data Bank...

CVSS 8.1 · AI score 8 · EPSS 0.00145
Exploits: 0

Redos
added 2021/09/08 12:00 a.m. · 8 views

ROS-2-1423

2.1423 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a failed cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code. Identifier of the Information Security Threats Dat...

CVSS 8.1 · AI score 8.1 · EPSS 0.00494
Exploits: 0

Redos
added 2021/09/08 12:00 a.m. · 26 views

ROS-2-500

2.500 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code. FSTEC Russia Information Security Threats Data Bank...

AI score 8 · EPSS 0.00145
Exploits: 0

Redos
added 2021/09/08 12:00 a.m. · 11 views

ROS-2-1609

2.1609 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a failed cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code. Identifier of the Information Security Threats Dat...

CVSS 9.8 · AI score 8.1 · EPSS 0.0074
Exploits: 0

Github Security Blog
added 2021/09/01 6:41 p.m. · 39 views

Use of a Broken or Risky Cryptographic Algorithm

✍️ Description: The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...

CVSS 3.5 · AI score 3.9 · EPSS 0.00089
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2021/08/30 3:55 p.m. · 11 views

CVE-2021-27913 Use of a Broken or Risky Cryptographic Algorithm

The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

CVSS 3.5 · AI score 4.3 · EPSS 0.00089
Exploits: 1 · References: 1

Hacker One
added 2021/08/16 3:14 p.m. · 67 views

Revive Adserver: Use of a Broken or Risky Cryptographic Algorithm

revive-adserver utilizes a PRNG for session-token generation, this means that an attacker could theoretically be able to generate session tokens at random and take over accounts at random. This function does not generate cryptographically secure values, and should not be used for cryptographic...

CVSS 4.3 · AI score 1.9 · EPSS 0.00372
Exploits: 1

CNNVD
added 2021/08/12 12:00 a.m. · 3 views

Amazon AWS CloudFront Cryptographic Issue Vulnerability

Amazon AWS CloudFront is a content delivery network that provides basic services from Amazon.com, Inc.'s Web Services system. A security vulnerability exists in Amazon AWS CloudFront TLSv1.2 2019, where a related component uses a weak cryptographic algorithm resulting in a security risk...

CVSS 9.8 · AI score 8.3 · EPSS 0.00284
Exploits: 0 · References: 2