Skip to content

MD5 hash support in github.com/foxcpp/maddy

Low severity GitHub Reviewed Published Oct 11, 2021 in foxcpp/maddy • Updated Jan 9, 2023

Package

gomod github.com/foxcpp/maddy (Go)

Affected versions

>= 0.5.0, < 0.5.2

Patched versions

0.5.2

Description

Impact

This vulnerability affects maddy 0.5.1, 0.5.0 users using auth.shadow module
and an extremely outdated system that still allows MD5 hashes in
/etc/shadows.

Patches

Patch is available as part of the 0.5.2 release.

Workarounds

Ensure MD5 hashes are not present in /etc/shadow.

References

@foxcpp foxcpp published to foxcpp/maddy Oct 11, 2021
Reviewed Oct 11, 2021
Published to the GitHub Advisory Database Oct 12, 2021
Last updated Jan 9, 2023

Severity

Low
3.0
/ 10

CVSS base metrics

Attack vector
Local
Attack complexity
High
Privileges required
High
User interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-qh54-9vc5-m9fg

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.