CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-20138

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2019-20138

Http Authentication Library Project » Http Authentication Library » Version: N/A

cpe:2.3:a:http_authentication_library_project:http_authentication_library:-
Http Authentication Library Project » Http Authentication Library » Version: 0.1.0

cpe:2.3:a:http_authentication_library_project:http_authentication_library:0.1.0
Http Authentication Library Project » Http Authentication Library » Version: 0.1.2

cpe:2.3:a:http_authentication_library_project:http_authentication_library:0.1.2
Http Authentication Library Project » Http Authentication Library » Version: 0.1.3

cpe:2.3:a:http_authentication_library_project:http_authentication_library:0.1.3
Http Authentication Library Project » Http Authentication Library » Version: 0.2.0

cpe:2.3:a:http_authentication_library_project:http_authentication_library:0.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-20138

Products

Pricing

Contact Us