Vulnerabilities > CVE-2016-10652 - Cryptographic Issues vulnerability in Prebuild-Lwip Project Prebuild-Lwip

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

prebuild-lwip-project

CWE-310

NVD

Published: 2018-06-04

Updated: 2019-10-09

Summary

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

Vulnerable Configurations

Part	Description	Count
Application	Prebuild-Lwip_Project Prebuild Lwip Project Prebuild Lwip 0.0.1 Prebuild Lwip Project Prebuild Lwip 0.0.2 Prebuild Lwip Project Prebuild Lwip 0.0.3 Prebuild Lwip Project Prebuild Lwip 0.0.4	4

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

https://nodesecurity.io/advisories/248