Insecure Hashing Algorithm

Affecting contwidgetor package, ALL versions

Overview

contwidgetor is a contributions widget for both Bitbucket and GitHub.

Affected versions of the package use the insecure SHA-1 hashing algorithm in the authentication method. It is possible to duplicate a SHA-1 hash, so the algorithm should not be used in security-sensitive contexts.

Remediation

There is no fix version for contwidgetor.
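
Since no fixed release exists, the weak pattern is shown here beside a hardened replacement. This is an added example, not contwidgetor's code: it assumes the SHA-1 digest protects a password-like secret (as the CWE-916 classification suggests), and every function name and the stored-record format are hypothetical.

```javascript
// Added example; not taken from contwidgetor. All names are hypothetical.
const nodeCrypto = require('node:crypto');

// Weak pattern (CWE-916): one unsalted SHA-1 pass over the secret.
// Equal secrets always produce equal digests, and each guess costs an
// attacker a single cheap hash computation.
function weakSha1Hash(secret) {
  return nodeCrypto.createHash('sha1').update(secret, 'utf8').digest('hex');
}

// Hardened pattern: scrypt (memory-hard) with a random per-record salt.
// N/r/p are Node's documented defaults, written out so they can be tuned.
const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };
const SALT_BYTES = 16;
const KEY_BYTES = 32;

// Record format assumed for this example: scrypt$<salt hex>$<key hex>
function hashSecret(secret) {
  const salt = nodeCrypto.randomBytes(SALT_BYTES);
  const key = nodeCrypto.scryptSync(secret, salt, KEY_BYTES, SCRYPT_PARAMS);
  return ['scrypt', salt.toString('hex'), key.toString('hex')].join('$');
}

function verifySecret(secret, stored) {
  const parts = String(stored).split('$');
  // Reject anything that is not a well-formed scrypt record, including
  // legacy bare SHA-1 hex digests.
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  if (salt.length !== SALT_BYTES || expected.length !== KEY_BYTES) return false;
  const actual = nodeCrypto.scryptSync(secret, salt, KEY_BYTES, SCRYPT_PARAMS);
  // Constant-time comparison avoids leaking how many bytes matched.
  return nodeCrypto.timingSafeEqual(actual, expected);
}
```

Records created with `hashSecret` differ even for identical secrets because of the salt, so a leaked store does not reveal which accounts share a secret.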

CVSS Score

3.7 (low severity)

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C

Credit: Liang Gong
CWE: CWE-916
Snyk ID: npm:contwidgetor:20170303
Disclosed: 02 Mar, 2017
Published: 28 Jun, 2017