An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.
References
Link | Resource |
---|---|
https://github.com/bcoin-org/bcoin/issues/1174 | Exploit |
https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50475.md | Third Party Advisory |
Configurations
History
29 Dec 2023, 16:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:bcoin:bcoin:2.2.0:*:*:*:*:*:*:* | |
References | () https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50475.md - Third Party Advisory | |
References | () https://github.com/bcoin-org/bcoin/issues/1174 - Exploit | |
CWE | CWE-327 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
21 Dec 2023, 13:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-21 11:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-50475
Mitre link : CVE-2023-50475
CVE.ORG link : CVE-2023-50475
JSON object : View
Products Affected
bcoin
- bcoin
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm