
Reversible One-Way Hash and Use of a Broken or Risky Cryptographic Algorithm in io.github.javaezlib.JavaEZ

Moderate
JavaEZLib published GHSA-67fj-6w6m-w5j8 May 22, 2022

Package

io.github.javaezlib.JavaEZ (Maven)

Affected versions

1.6

Patched versions

1.7+

Description

Impact

This weakness allows attackers to force the decryption of locked text. The issue is NOT critical for non-secure applications, but it may be critical in situations where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect any version before 1.6. Upgrading to 1.7 is advised.

Patches

The vulnerability has been patched in release 1.7.

Workarounds

Currently there is no way to fix the issue without upgrading.

References

CWE-327
CWE-328

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2022-29249

Weaknesses

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol. Learn more on MITRE.

Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function. This allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack). Learn more on MITRE.