CVE-2021-39182

HIGH

EnroCrypt <1.1.4 - Info Disclosure

Title source: llm

Description

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.

References (2)

[Exploit, Third Party Advisory] https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce

View Exploit ZIP pw:eip

[Third Party Advisory] https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783

Scores

CVSS v3 7.5

EPSS 0.0008

EPSS Percentile 23.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-327 CWE-326 CWE-916 CWE-328

Status published

Affected Products (2)

enrocrypt_project/enrocrypt < 1.1.4

pypi/enrocrypt < 1.1.4PyPI

Timeline

Published Nov 08, 2021

Tracked Since Feb 18, 2026