
GHSA-qh54-9vc5-m9fg: MD5 hash support in github.com/foxcpp/maddy

CVSS Score: 3 (CVSS v3.1)

Basic Information

CVE ID: -
EPSS Score: -
Published: 10/12/2021
Updated: 1/9/2023
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| github.com/foxcpp/maddy | go | >= 0.5.0, < 0.5.2 | 0.5.2 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from MD5 support in the auth.shadow module. The CheckPassword() function would be responsible for parsing /etc/shadow entries and verifying passwords using the stored hash. Since MD5 is explicitly mentioned as the weak mechanism, this function must contain logic to handle MD5 hashes. The file path is inferred from Go module conventions (auth/shadow component) and standard authentication implementation patterns. The confidence is high because the vulnerability directly relates to hash verification in the specified module.
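An added example (not maddy's code and not part of the advisory): a small Go audit that scans shadow(5)-format lines for MD5-crypt entries, recognized by the crypt(5) `$1$` prefix, which are the accounts this issue concerns. The sample data and the function names `hashScheme` and `findMD5Accounts` are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed shadow(5)-format sample; salts and digests are placeholders.
const sampleShadow = `root:$6$SALT$DIGEST:18900:0:99999:7:::
legacy:$1$SALT$DIGEST:15000:0:99999:7:::
daemon:*:18900:0:99999:7:::
locked:!$1$SALT$DIGEST:15000:0:99999:7:::
mail:$y$j9T$SALT$DIGEST:19000:0:99999:7:::
`

// hashScheme classifies a shadow password field by its crypt(5) prefix.
func hashScheme(field string) string {
	field = strings.TrimLeft(field, "!") // leading "!" marks a locked password
	switch {
	case field == "" || field == "*":
		return "none" // no usable password hash
	case strings.HasPrefix(field, "$1$"):
		return "md5crypt"
	default:
		return "other"
	}
}

// findMD5Accounts returns the names of entries whose hash is MD5-crypt.
func findMD5Accounts(shadow string) []string {
	var names []string
	sc := bufio.NewScanner(strings.NewReader(shadow))
	for sc.Scan() {
		parts := strings.SplitN(sc.Text(), ":", 3)
		if len(parts) < 2 {
			continue // blank or malformed line
		}
		if hashScheme(parts[1]) == "md5crypt" {
			names = append(names, parts[0])
		}
	}
	return names
}

func main() {
	for _, n := range findMD5Accounts(sampleShadow) {
		fmt.Printf("%s: MD5-crypt hash, rehash with a stronger scheme\n", n)
	}
}
```

Locked entries are reported too, because the MD5 hash becomes usable again as soon as the account is unlocked.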



### Impact

This vulnerability affects maddy *.*.*, *.*.* users using auth.shadow module and an extremely outdated system that still allows MD5 hashes in /etc/shadow.

### Patches

Patch is available as part of the *.*.* release.

### Workarounds
