9 matches found

OSSF Malicious Packages
added 2026/02/10 11:3 p.m. · 5 views

Malicious code in cryptowallethash (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4d493d3c40b5136dd3ffea29264cf1066247cda3a10094201b4f71554ae3e592 The package claims to calculate a hash value for usage in "cryptocurrency", but before returning the hash, it exfiltrates the plain value. --- Category:...

5.5 AI score
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:32 a.m. · 0 views

SUSE CVE-2022-2582

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

4.3 CVSS · 6.9 AI score · 0.00084 EPSS
Exploits 1 · References 3
OSV
added 2022/12/27 10:15 p.m. · 2 views

UBUNTU-CVE-2022-2582

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

4.3 CVSS · 5.8 AI score · 0.00084 EPSS
Exploits 1 · References 4
Cvelist
added 2022/12/27 9:13 p.m. · 18 views

CVE-2022-2582 Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

4.8 AI score · 0.00084 EPSS
Exploits 1 · References 2
CNNVD
added 2022/12/27 12:0 a.m. · 2 views

AWS SDK for Android Encryption Issue Vulnerability

AWS SDK for Android is an open-source AWS SDK for Android by AWS Amplify. A security vulnerability exists in AWS SDK for Android that stems from sending an unencrypted hash of the plaintext along with the ciphertext as a metadata field. If the hash is readable by an attacker, the hash can be used to brut...

4.3 CVSS · 5.1 AI score · 0.00084 EPSS
Exploits 1 · References 3
OSV
added 2022/07/01 8:10 p.m. · 22 views

GO-2022-0391 Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

4.3 CVSS · 4.6 AI score · 0.00084 EPSS
Exploits 1 · References 1
Veracode
added 2022/02/14 7:13 a.m. · 9 views

Information Disclosure

github.com/aws/aws-sdk-go is vulnerable to information disclosure. The vulnerability exists due to the unencrypted md5 plaintext hash in the library's metadata, allowing an attacker who has read access to the encrypted S3 bucket to recover the plaintext without accessing the encryption key...

2.1 AI score
Exploits 0
OSV
added 2022/02/11 11:26 p.m. · 21 views

GHSA-76WF-9VGP-PJ7W Duplicate Advisory: Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6jvc-q2x7-pchv. This link is maintained to preserve external references. Original Description: Summary: The golang AWS S3 Crypto SDK was impacted by an issue that can result in loss of confidentiality. An attacker...

4.3 CVSS · 5.1 AI score · 0.00084 EPSS
Exploits 1 · References 4
Positive Technologies
added 2022/02/11 12:0 a.m. · 4 views

PT-2022-17545 · Amazon Web Services · Aws S3 Crypto Sdk

Name of the Vulnerable Software and Affected Versions: AWS S3 Crypto SDK (affected versions not specified). Description: The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is...

4.3 CVSS · 4.4 AI score · 0.00084 EPSS
Exploits 1 · References 17