CVE-2019-20138

HIGH

Nim HTTP Auth <2019-12-27 - Info Disclosure

Title source: llm

Description

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used.

References (1)

[Patch, Third Party Advisory] https://github.com/FedericoCeratto/nim-httpauth/commit/15fd0686dc363075c08976ad897d6c92e1e6283c

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0017

EPSS Percentile 38.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-327 CWE-916

Status published

Products (1)

http_authentication_library_project/http_authentication_library < 2019-12-27

Published Dec 30, 2019

Tracked Since Feb 18, 2026