Back to search
CVE-2024-40761
Published: Sep 25, 2024
Modified: Sep 27, 2024
PUBLISHED
Description
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Answer | affected 0 - <= 1.3.5 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now