How severe is CVE-2018-5382?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2018-5382?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2018-5382

MEDIUM Year: 2018

CVSS v3 Score

4.4

Medium

CVSS v2 Score

3.6

Low

Weakness Type

CWE-327

View all →

Vulnerability Description

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself.

CVE-2008-3775

MEDIUM

CVSS:4.4(Medium)

Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack regis...

CWE-3272008

CVE-2017-1339

MEDIUM

CVSS:4.4(Medium)

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or admi...

CWE-3272017

CVE-2020-1826

MEDIUM

CVSS:4.4(Medium)

Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permi...

CWE-3272020

CVE-2017-15326

MEDIUM

CVSS:4.3(Medium)

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an inse...

CWE-3272017

CVE-2019-16116

MEDIUM

CVSS:4.3(Medium)

EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.

CWE-3272019

CVE-2020-29536

MEDIUM

CVSS:4.3(Medium)

Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in furthe...

CWE-3272020

CVE-2018-5382

Vulnerability Description

Related Vulnerabilities

CVE-2008-3775

CVE-2017-1339

CVE-2020-1826

CVE-2017-15326

CVE-2019-16116

CVE-2020-29536