40 matches found

NVD
added 2026/05/26 11:16 p.m., 11 views

CVE-2026-8647

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

CVSS: 4.8, EPSS: 0.00036
Exploits: 0, References: 3

Cvelist
added 2026/05/26 10:53 p.m., 27 views

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

EPSS: 0.00036
Exploits: 0, References: 2

Tenable Nessus
added 2026/05/02 12:0 a.m., 0 views

Fedora 43 : perl-CryptX (2026-3e1f671a17)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e1f671a17 advisory. 0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1openssl, bcryptpbkdf, scryptpbkdf, argon2pbkdf - Crypt::Misc - new functions: randomv7uuid,...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00015
Exploits: 0, References: 2

Github Security Blog
added 2026/04/08 12:4 a.m., 7 views

LiteLLM: Password hash exposure and pass-the-hash authentication bypass

Impact Three issues combine into a full authentication bypass chain: 1. Weak hashing: User passwords are stored as unsalted SHA-256 hashes, making them vulnerable to rainbow table attacks and trivially identifying users with identical passwords. 2. Hash exposure: Multiple API endpoints /user/info...

AI score: 5.9
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/04/08 12:4 a.m., 3 views

GHSA-69X8-HRGQ-FJJ8 LiteLLM: Password hash exposure and pass-the-hash authentication bypass

Impact Three issues combine into a full authentication bypass chain: 1. Weak hashing: User passwords are stored as unsalted SHA-256 hashes, making them vulnerable to rainbow table attacks and trivially identifying users with identical passwords. 2. Hash exposure: Multiple API endpoints /user/info...

CVSS: 8.6, AI score: 5.8
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2023-0542

Malicious code in bioql PyPI...

CVSS: 5.3, AI score: 4, EPSS: 0.00335
Exploits: 0, References: 6

RedhatCVE
added 2025/05/22 6:4 a.m., 2 views

CVE-2014-125055

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVSS: 5.3, AI score: 6.3, EPSS: 0.00335
Exploits: 0, References: 1

OSV
added 2024/08/20 8:25 p.m., 9 views

GO-2023-1294 easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt

easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00335
Exploits: 0, References: 6

OpenVAS
added 2024/03/08 12:0 a.m., 16 views

Fedora: Security Advisory for java-scrypt (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

CVSS: 8.8, AI score: 9.2, EPSS: 0.45835
Exploits: 3, References: 2

Fedora
added 2024/03/07 10:33 p.m., 20 views

[SECURITY] Fedora 40 Update: java-scrypt-1.4.0-24.fc40

A pure Java implementation of the scrypt key derivation function...

CVSS: 8.8, AI score: 6.9, EPSS: 0.45835
Exploits: 3

Veracode
added 2023/01/18 5:28 a.m., 18 views

Timing Attacks

github.com/agnivade/easy-scrypt is vulnerable to Timing Attacks. The vulnerability exists because the VerifyPassphrase function of scrypt.go does not compare hashes in constant time, allowing an attacker to progressively use the timing of the request to identify a valid hash...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00335
Exploits: 0, References: 5, Affected Software: 1

Github Security Blog
added 2023/01/07 9:30 a.m., 14 views

easy-scrypt Observable Timing Discrepancy vulnerability

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 can address this issue. The name of the patch is...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00335
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2023/01/07 9:30 a.m., 11 views

GHSA-R894-5R7V-7RX3 easy-scrypt Observable Timing Discrepancy vulnerability

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 can address this issue. The name of the patch is...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00335
Exploits: 0, References: 6

NVD
added 2023/01/07 9:15 a.m., 10 views

CVE-2014-125055

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVSS: 5.3, AI score: 4.2, EPSS: 0.00335
Exploits: 0, References: 4

Prion
added 2023/01/07 9:15 a.m., 16 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVSS: 1.4, AI score: 7, EPSS: 0.00335
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2023/01/07 8:59 a.m., 70 views

CVE-2014-125055

The CVE concerns the Go library agnivade/easy-scrypt. Affected is the VerifyPassphrase function in scrypt.go, where an observable timing discrepancy is introduced due to the underlying implementation flaw. Per multiple sources, upgrading to version 1.0.0 fixes the issue (patch: 477c10cf3b144ddf96...

CVSS: 5.3, AI score: 4.5, EPSS: 0.00335
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2023/01/07 8:59 a.m., 9 views

CVE-2014-125055 agnivade easy-scrypt scrypt.go VerifyPassphrase timing discrepancy

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVSS: 2.6, AI score: 5.3, EPSS: 0.00335
Exploits: 0, References: 4

GitLab Advisory Database
added 2023/01/07 12:0 a.m., 18 views

Observable Timing Discrepancy

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00335
Exploits: 0, References: 6, Affected Software: 1

CNNVD
added 2023/01/07 12:0 a.m., 1 views

agnivade easy-scrypt security vulnerability

easy-scrypt is a primitive scrypt library in Go by individual developer Agniva De Sarker. A security vulnerability exists in agnivade easy-scrypt. An attacker has exploited the vulnerability to cause observable time discrepancies...

CVSS: 5.3, AI score: 5, EPSS: 0.00335
Exploits: 0, References: 5

OSSF Malicious Packages
added 2022/06/20 8:26 p.m., 2 views

Malicious code in scrypt-shim (npm)

Source: ghsa-malware d35f2999053c0d8b7abe3dc46b17ee7c41b309ed661021067496ee77e569f923 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1