Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NSecurly
APPSecurly3.0.7
Powiązane podatności
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filter...
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js....
Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauth...
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via c...
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided pat...