CVE-2021-39182
HIGHEnroCrypt < 1.1.4 - Use of Broken MD5 Hashing Algorithm
Title source: llmDescription
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce
Scores
CVSS v3
7.5
EPSS
0.0054
EPSS Percentile
41.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-327
CWE-326
CWE-916
CWE-328
Status
published
Products (2)
enrocrypt_project/enrocrypt
< 1.1.4
pypi/enrocrypt
0 - 1.1.4PyPI
Published
Nov 08, 2021
Tracked Since
Feb 18, 2026