Lucene search
+L

52 matches found

Github Security Blog
Github Security Blog
added 2022/01/06 10:20 p.m.40 views

Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information...

7.5CVSS2.1AI score0.00723EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/01/06 10:20 p.m.44 views

GHSA-5R5W-H76P-M726 Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information...

7.5CVSS7.4AI score0.00723EPSS
Exploits0References4
Veracode
Veracode
added 2021/12/30 2:37 a.m.20 views

Information Disclosure

github.com/foxcpp/maddy is vulnerable to information disclosure. The vulnerability exists in verify.go of auth.shadow module due to the presence of MD5 hashes which allows an attacker to gain access to sensitive information...

7.5CVSS2.1AI score0.00723EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2021/12/28 7:15 p.m.32 views

CVE-2021-42583

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information...

7.5CVSS0.00723EPSS
Exploits0References2
OSV
OSV
added 2021/12/28 7:15 p.m.13 views

CVE-2021-42583

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information...

7.5CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2021/12/28 7:15 p.m.22 views

Design/Logic Flaw

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information...

5CVSS7.5AI score0.00723EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/12/28 6:12 p.m.40 views

CVE-2021-42583

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information...

7.7AI score0.00723EPSS
Exploits0References2
CVE
CVE
added 2021/12/28 6:12 p.m.72 views

CVE-2021-42583

Max Mazurov Maddy (github.com/foxcpp/maddy) is affected by a broken or risky cryptographic algorithm prior to version 0.5.2. The issue stems from the verify.go code-path in auth.shadow, where MD5-based hashing can lead to information disclosure. Multiple sources (CVE-2021-42583, GHSA-5R5W-H76P-M7...

7.5CVSS7.5AI score0.00723EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/12/28 12:0 a.m.7 views

Max Mazurov Maddy 加密问题漏洞

Max Mazurov Maddy is combinable all-in-one mail server. A security vulnerability exists in the previous version 0.5.2 of Max Mazurov Maddy, which stems from the disclosure of sensitive information in the application...

7.5CVSS7.2AI score0.00723EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/12/28 12:0 a.m.9 views

PT-2021-23641 · Max Mazurov · Maddy

Name of the Vulnerable Software and Affected Versions: Max Mazurov Maddy versions prior to 0.5.2 Description: The issue concerns the use of a broken or risky cryptographic algorithm, which poses an unnecessary risk that may result in the exposure of sensitive information. Recommendations: For...

7.5CVSS7.1AI score0.00723EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2021/10/12 4:6 p.m.22 views

MD5 hash support in github.com/foxcpp/maddy

Impact This vulnerability affects maddy 0.5.1, 0.5.0 users using auth.shadow module and an extremely outdated system that still allows MD5 hashes in /etc/shadows. Patches Patch is available as part of the 0.5.2 release. Workarounds Ensure MD5 hashes are not present in /etc/shadow...

2.7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2021/10/12 4:6 p.m.11 views

GHSA-QH54-9VC5-M9FG MD5 hash support in github.com/foxcpp/maddy

Impact This vulnerability affects maddy 0.5.1, 0.5.0 users using auth.shadow module and an extremely outdated system that still allows MD5 hashes in /etc/shadows. Patches Patch is available as part of the 0.5.2 release. Workarounds Ensure MD5 hashes are not present in /etc/shadow...

3CVSS7.1AI score
Exploits0References2
Rows per page
Query Builder