PT-2021-22440 · Enrocrypt · Enrocrypt

Published: 2021-11-08 · Updated: 2023-07-17 · CVE-2021-39182

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

EnroCrypt versions prior to 1.1.4

Description

EnroCrypt is a Python module for encryption and hashing that used the MD5 hashing algorithm in the hashing file, which is considered an insecure hashing algorithm. This can cause problems for beginners who are unfamiliar with hashes. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

For versions prior to 1.1.4, upgrade to version 1.1.4 to patch the vulnerability. As a temporary workaround for versions prior to 1.1.4, users can remove the MD5 hashing function from the file hashing.py to mitigate the issue.
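To confirm that the workaround or upgrade left no MD5 call behind, a Python source file can be checked with the standard `ast` module. This is an added example, not code from the advisory or from Enrocrypt; the function name `find_md5_uses` is hypothetical and the sample module is constructed for illustration.

```python
import ast

# Constructed sample, NOT Enrocrypt's real hashing.py: MD5 reached three
# different ways, next to a SHA-256 helper that must not be flagged.
SAMPLE = '''
import hashlib
from hashlib import md5 as fast_hash
def weak_a(data):
    return hashlib.md5(data).hexdigest()
def weak_b(data):
    return hashlib.new("MD5", data).hexdigest()
def weak_c(data):
    return fast_hash(data).hexdigest()
def strong(data):
    return hashlib.sha256(data).hexdigest()
'''

def find_md5_uses(source):
    """Return sorted (line, description) pairs for each MD5 use in source."""
    tree = ast.parse(source)
    modules, md5_names, hits = set(), set(), []
    for node in ast.walk(tree):  # pass 1: names bound to hashlib / hashlib.md5
        if isinstance(node, ast.Import):
            modules |= {a.asname or a.name for a in node.names
                        if a.name == "hashlib"}
        elif isinstance(node, ast.ImportFrom) and node.module == "hashlib":
            for a in node.names:
                if a.name == "md5":
                    md5_names.add(a.asname or a.name)
                    hits.append((node.lineno, "from hashlib import md5"))
    for node in ast.walk(tree):  # pass 2: calls that resolve to MD5
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Name) and f.id in md5_names:
            hits.append((node.lineno, f"{f.id}() is hashlib.md5"))
        elif (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
              and f.value.id in modules):
            arg = node.args[0] if node.args else None  # positional name only
            if f.attr == "md5":
                hits.append((node.lineno, "hashlib.md5()"))
            elif (f.attr == "new" and isinstance(arg, ast.Constant)
                  and str(arg.value).lower() == "md5"):
                hits.append((node.lineno, "hashlib.new('md5')"))
    return sorted(hits)

if __name__ == "__main__":
    for line, what in find_md5_uses(SAMPLE):
        print(f"line {line}: {what}")
```

To check an installed copy, pass the text of its hashing.py to the function; an empty list means no direct MD5 call or import remains in that file.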

Exploit

Fix

Weakness Enumeration

Use of a Broken Cryptographic Algorithm
Inadequate Encryption Strength

Related Identifiers

CVE-2021-39182
GHSA-35M5-8CVJ-8783
PYSEC-2021-385

Affected Products

Enrocrypt