CVE-2026-7874
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...
EUVD-2026-40380
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...
CVE-2026-7874 Weak Cryptographic Key Derivation Exposed All Stored Credentials
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...
PT-2026-53950
Name of the Vulnerable Software and Affected Versions: IBM Langflow OSS versions 1.0.0 through 1.10.0 Description: Langflow uses a weak and reversible key derivation mechanism for encryption at rest, which could lead to the disclosure of all stored credentials. Recommendations: At the moment, there ...
Security Bulletin: Weak Cryptographic Key Derivation Exposed All Stored Credentials
Summary: A critical vulnerability in the credential encryption system allowed attackers to decrypt all stored API keys, database passwords, and OAuth tokens. The system used Python's non-cryptographic Mersenne Twister PRNG seeded with the SECRETKEY to derive Fernet encryption keys for credentials...
Exploit for CVE-2024-51346
CVE-2024-51346: Cryptographic Bypass and Media Decryption in E...
Jervis Cryptographic Issue Vulnerability
Jervis is an automation tool from the individual developer Sam Gleske. A cryptographic issue vulnerability exists in versions prior to Jervis 2.2 that stems from the SHA-256 and derived salt values from a passphrase, resulting in the same key being generated for the same passphrase...
PT-2023-29866 · Cryptoes · Cryptoes
Name of the Vulnerable Software and Affected Versions: CryptoES versions prior to 2.1.0 Description: The CryptoES PBKDF2 is weaker than originally specified and current industry standards due to defaulting to SHA1 and a single iteration. This weakness can lead to high-impact issues if used for...
Insecure Encryption
Overview: parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key materia...
Insecure Encryption
Overview: parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. It contains a weak key derivation function, in which a key of arbitrary length is run through one round of SHA256 to gain key material of the correct...