Insecure Hashing Algorithm in contwidgetor

Do your applications use this vulnerable package? Test your applications

Overview

contwidgetor is a contributions widget for both bitbucket and github.

Affected versions of the package use the insecure SHA-1 in the authentication method. It is possible to duplicate the hash and should not be used in security sensitive instances.

Remediation

There is no fix version for contwidgetor.

References

Github Issue
Google Security Blog
Vulnerable Code

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

Low
Integrity

None
Availability

None

Credit: Liang Gong
CWE: CWE-916
Snyk ID: npm:contwidgetor:20170303
Disclosed: 02 Mar, 2017
Published: 28 Jun, 2017

Insecure Hashing Algorithm
Affecting contwidgetor package, ALL versions

Overview

Remediation

References

CVSS Score

Insecure Hashing Algorithm Affecting contwidgetor package, ALL versions

Overview

Remediation

References

Insecure Hashing Algorithm
Affecting contwidgetor package, ALL versions