7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-39182

GHSA ID

GHSA-35m5-8cvj-8783

EPSS Score

0.24376%

CWE

CWE-326

Published

11/10/2021

Updated

9/20/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-39182

CVE-2021-39182: Improper hashing in enrocrypt

Impact

The vulnerability is we used MD5 hashing Algorithm In our hashing file. If anyone who is a beginner(and doesn't know about hashes) can face problems as MD5 is considered a Insecure Hashing Algorithm.

Patches

The vulnerability is patched in v1.1.4 of the product, the users can upgrade to version 1.1.4.

Workarounds

If u specifically want a version and don't want to upgrade, you can remove the MD5 hashing function from the file hashing.py and this vulnerability will be gone

References

https://www.cybersecurity-help.cz/vdb/cwe/916/ https://www.cybersecurity-help.cz/vdb/cwe/327/ https://www.cybersecurity-help.cz/vdb/cwe/328/ https://www.section.io/engineering-education/what-is-md5/ https://www.johndcook.com/blog/2019/01/24/reversing-an-md5-hash/

For more information

If you have any questions or comments about this advisory:

Open an issue in Enrocrypt's Official Repo
Create a Discussion in Enrocrypt's Official Repo

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-39182

GHSA ID

GHSA-35m5-8cvj-8783

EPSS Score

0.24376%

CWE

CWE-326

Published

11/10/2021

Updated

9/20/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
enrocrypt	pip	< 1.1.4	1.1.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability explicitly references hashing.py as the root cause. The commit diff shows removal of the MD5() method from hashing.py, confirming it was the vulnerable component. MD5 is well-known to be insecure for cryptographic purposes (CWE-327/328/916), and the advisory directly links removal of this function to resolving the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** vuln*r**ility is w* us** M** **s*in* *l*orit*m In our **s*in* *il*. I* *nyon* w*o is * ***inn*r(*n* *o*sn't know **out **s**s) **n **** pro*l*ms *s M** is *onsi**r** * Ins**ur* **s*in* *l*orit*m. ### P*t***s T** vuln*r**ility is p*t

Reasoning

T** vuln*r**ility *xpli*itly r***r*n**s `**s*in*.py` *s t** root **us*. T** *ommit *i** s*ows r*mov*l o* t** `M**()` m*t*o* *rom `**s*in*.py`, *on*irmin* it w*s t** vuln*r**l* *ompon*nt. `M**` is w*ll-known to ** ins**ur* *or *rypto*r*p*i* purpos*s (

7.5

Basic Information

Concerned about an active attack path?

CVE-2021-39182: Improper hashing in enrocrypt

Impact

Patches

Workarounds

References

For more information

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI