Vulnerability Details CVE-2021-39182
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce
- https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783
- https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce
- https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783
Products affected by CVE-2021-39182
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.0.0
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.0.1
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.0.2
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.0.3
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.0.4
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.0.5
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.0.6
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.0.7
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.1.0
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.1.1
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.1.2
-
cpe:2.3:a:enrocrypt_project:enrocrypt:1.1.3