How severe is CVE-2023-31135?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-31135?

This is classified as CWE-326, which is a common weakness in software security.

CVE-2023-31135 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Attackers must have access to the system the logs are stored on. Dgraph users should upgrade to v23.0.0. Users unable to upgrade should store existing audit logs in a secure location and for extra security, encrypt using an external tool like `gpg`.

Related Vulnerabilities

CVE-2002-1682

MEDIUM

CVSS:5.5(Medium)

NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.

CWE-3262002

CVE-2002-1739

MEDIUM

CVSS:5.5(Medium)

Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.

CWE-3262002

CVE-2002-1946

MEDIUM

CVSS:5.5(Medium)

Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry ke...

CWE-3262002

CVE-2002-1975

MEDIUM

CVSS:5.5(Medium)

Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via br...

CWE-3262002

CVE-2018-1518

MEDIUM

CVSS:5.5(Medium)

IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.

CWE-3262018

CVE-2020-10375

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords...

CWE-3262020