12 matches found
CVE-2026-7874
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...
EUVD-2026-40380
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...
CVE-2026-7874 Weak Cryptographic Key Derivation Exposed All Stored Credentials
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...
CVE-2026-7874
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...
PT-2026-53950
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Langflow uses a weak and reversible key derivation mechanism for encryption at rest, which could lead to the disclosure of all stored credentials. Recommendations At the moment, there ...
Security Bulletin: Weak Cryptographic Key Derivation Exposed All Stored Credentials
Summary A critical vulnerability in the credential encryption system allowed attackers to decrypt all stored API keys, database passwords, and OAuth tokens. The system used Python's non-cryptographic Mersenne Twister PRNG seeded with the SECRETKEY to derive Fernet encryption keys for credentials...
Exploit for CVE-2024-51346
CVE-2024-51346: Cryptographic Bypass and Media Decryption in E...
Jervis 加密问题漏洞
Jervis is an automation tool from the individual developer Sam Gleske. A cryptographic issue vulnerability exists in versions prior to Jervis 2.2 that stems from the SHA-256 and derived salt values from a passphrase, resulting in the same key being generated for the same passphrase...
PT-2023-29866 · Cryptoes · Cryptoes
Name of the Vulnerable Software and Affected Versions: CryptoES versions prior to 2.1.0 Description: The CryptoES PBKDF2 is weaker than originally specified and current industry standards due to defaulting to SHA1 and a single iteration. This weakness can lead to high-impact issues if used for...
CVE-2021-36750
ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users across USB drives sold under multiple brand names...
Insecure Encryption
Overview parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key materia...
Insecure Encryption
Overview parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key material of the correct...