PT-2024-29029 · Apache · Apache Answer
Sam Bull · Published 2024-09-25 · Updated 2025-07-10 · CVE-2024-40761
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green
Name of the Vulnerable Software and Affected Versions
Apache Answer versions through 1.3.5
Description
The issue is inadequate encryption strength: the MD5 value of a user's email is used to access Gravatar, which can lead to leakage of the user's email address. The official recommendation is to use SHA256 instead.
Recommendations
Upgrade to version 1.4.0, which fixes the issue. As a temporary workaround, consider using SHA256 instead of MD5 for accessing Gravatar to minimize the risk of exploitation.
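The following Go sketch illustrates the SHA256 recommendation above and a check for stored avatar URLs that still carry an MD5-sized digest. It is an added example, not code from Apache Answer; the function names `GravatarURLSHA256`, `HashKind` and `LegacyMD5Avatars` are hypothetical, and the sample address and digest are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"path"
	"strings"
)

const gravatarBase = "https://www.gravatar.com/avatar/"

// GravatarURLSHA256 (hypothetical helper) hashes the trimmed, lower-cased address with SHA-256.
func GravatarURLSHA256(email string) string {
	sum := sha256.Sum256([]byte(strings.ToLower(strings.TrimSpace(email))))
	return gravatarBase + hex.EncodeToString(sum[:])
}

// HashKind classifies a stored avatar URL by decoded digest size: 16 bytes is MD5, 32 is SHA-256.
func HashKind(avatarURL string) string {
	u, err := url.Parse(strings.ToLower(avatarURL)) // host and hex digits are case-insensitive
	if err != nil || (u.Hostname() != "gravatar.com" && !strings.HasSuffix(u.Hostname(), ".gravatar.com")) {
		return "not-gravatar"
	}
	digest := strings.TrimSuffix(path.Base(u.Path), path.Ext(u.Path)) // tolerate ".jpg"
	raw, err := hex.DecodeString(digest)
	if kind, ok := map[int]string{16: "md5", 32: "sha256"}[len(raw)]; ok && err == nil {
		return kind
	}
	return "unknown"
}

// LegacyMD5Avatars returns the stored URLs that still carry an MD5-sized digest.
func LegacyMD5Avatars(urls []string) (legacy []string) {
	for _, u := range urls {
		if HashKind(u) == "md5" {
			legacy = append(legacy, u)
		}
	}
	return legacy
}

func main() {
	// Constructed sample data: a placeholder 32-hex digest and a freshly built SHA-256 URL.
	stored := []string{gravatarBase + strings.Repeat("ab", 16), GravatarURLSHA256(" User@Example.com ")}
	fmt.Println(LegacyMD5Avatars(stored))
}
```

Running the audit function over stored avatar URLs after an upgrade shows which records still need their URL regenerated with the SHA-256 digest.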
Fix
Inadequate Encryption Strength
Weakness Enumeration
Related Identifiers
Affected Products
Apache Answer