2 matches found
Duplicate Advisory: Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6jvc-q2x7-pchv. This link is maintained to preserve external references. Original Description Summary The golang AWS S3 Crypto SDK was impacted by an issue that can result in loss of confidentiality. An attacker...
GHSA-WQGP-VPHW-HPHF Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness
Authors: Thai "thaidn" Duong Summary The following security vulnerabilities was discovered and reported to Amazon, affecting AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0: Information leakage: an attacker can create ciphertexts that would leak the user’s AWS account ID,...