Main Vulnerability Database SB2020052607

SB2020052607 - Cryptographic issues in Passlib library for Python

Published: May 26, 2020

Security Bulletin ID SB2020052607

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cryptographic issues (CVE-ID: N/A)

The vulnerability allows a remote attacker to comrpomise the target system.

The vulnerability exists due to the affected product contains weak cryptography within the "bcrypt_sha256" when the SHA-256 prehash is unsalted. A remote attacker can perform breach correlation attacks.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://snyk.io/vuln/SNYK-PYTHON-PASSLIB-569603
https://bitbucket.org/ecollins/passlib/issues/114/bcrypt_sha256-is-vulnerable-to-breach
https://bitbucket.org/ecollins/passlib/commits/bd0da1bdf0fd17b886212649184f2ce3eb8c8329