Vulnerabilities > CVE-2019-20138 - Use of Password Hash With Insufficient Computational Effort vulnerability in Http Authentication Library Project Http Authentication Library

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

http-authentication-library-project

CWE-916

NVD

Published: 2019-12-30

Updated: 2021-07-21

Summary

The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's crypto_pwhash_str is not used.

Vulnerable Configurations

Part	Description	Count
Application	Http_Authentication_Library_Project Http Authentication Library Project Http Authentication Library - Http Authentication Library Project Http Authentication Library 0.1.0 Http Authentication Library Project Http Authentication Library 0.1.2 Http Authentication Library Project Http Authentication Library 0.1.3 Http Authentication Library Project Http Authentication Library 0.2.0	5

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://github.com/FedericoCeratto/nim-httpauth/commit/15fd0686dc363075c08976ad897d6c92e1e6283c