Inadequate Encryption Strength vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead.
Users are recommended to upgrade to version 1.4.0, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Wed, 25 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache answer |
|
CPEs | cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache answer |
|
Metrics |
cvssV3_1
|
Wed, 25 Sep 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue. | |
Title | Apache Answer: Avatar URL leaked user email addresses | |
Weaknesses | CWE-326 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-09-25T07:31:08.416Z
Updated: 2024-09-27T19:02:34.376Z
Reserved: 2024-07-10T07:49:21.665Z
Link: CVE-2024-40761
Vulnrichment
Updated: 2024-09-27T19:02:34.376Z
NVD
Status : Awaiting Analysis
Published: 2024-09-25T08:15:04.437
Modified: 2024-11-21T09:31:34.510
Link: CVE-2024-40761
Redhat
No data.