Description

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.

INFO

Published Date :

2024-09-25T07:31:08.416Z

Last Modified :

2024-09-27T19:02:34.376Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2024-40761 vulnerability.

Vendors Products
Apache
  • Answer
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-40761.

URL Resource
http://www.openwall.com/lists/oss-security/2024/09/25/2 cve-icon
http://www.openwall.com/lists/oss-security/2024/09/25/5 cve-icon
http://www.openwall.com/lists/oss-security/2024/09/25/6 cve-icon
http://www.openwall.com/lists/oss-security/2024/09/25/7 cve-icon
http://www.openwall.com/lists/oss-security/2024/09/25/8 cve-icon
http://www.openwall.com/lists/oss-security/2024/09/26/1 cve-icon
http://www.openwall.com/lists/oss-security/2024/09/26/3 cve-icon
http://www.openwall.com/lists/oss-security/2024/09/26/4 cve-icon
http://www.openwall.com/lists/oss-security/2024/09/27/4 cve-icon
http://www.openwall.com/lists/oss-security/2024/09/27/5 cve-icon
http://www.openwall.com/lists/oss-security/2024/09/27/8 cve-icon
https://lists.apache.org/thread/mmrhsfy16qwrw0pkv0p9kj40vy3sg08x cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact