VYPR

CWE-328

Use of Weak Hash

BaseDraft

Description

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

Hierarchy (View 1000)

Children

Related attack patterns (CAPEC)

CAPEC-461 · CAPEC-68

CVEs mapped to this weakness (67)

page 4 of 4
  • CVE-2023-43635Sep 20, 2023
    risk 0.00cvss epss 0.00

    Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to…

  • CVE-2023-43630Sep 20, 2023
    risk 0.00cvss epss 0.00

    PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. …

  • CVE-2022-45379Nov 15, 2022
    risk 0.00cvss epss 0.00

    Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.

  • CVE-2022-29249May 24, 2022
    risk 0.00cvss epss 0.01

    JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of…

  • CVE-2021-39182Nov 8, 2021
    risk 0.00cvss epss 0.01

    EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is…

  • CVE-2017-18917Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.

  • CVE-2011-5036Dec 30, 2011
    risk 0.00cvss epss 0.04

    Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted…