CVE-2022-2582

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-326
View all →

Vulnerability Description

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.

Related Vulnerabilities

CVE-2018-19001

MEDIUM
CVSS:4.3(Medium)

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.

CWE-3262018

CVE-2016-3034

MEDIUM
CVSS:4.4(Medium)

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

CWE-3262016

CVE-2020-9128

MEDIUM
CVSS:4.4(Medium)

FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak.

CWE-3262020

CVE-2021-38983

MEDIUM
CVSS:4.4(Medium)

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 21279...

CWE-3262021

CVE-2023-37397

MEDIUM
CVSS:4.4(Medium)

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.

CWE-3262023

CVE-2017-2399

MEDIUM
CVSS:4.6(Medium)

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by levera...

CWE-3262017