Improve encryption algorithm

Low
orthagh published GHSA-7xwm-4vjr-jvqh Jul 7, 2020

Package

No package listed

Affected versions

all

Patched versions

9.5.0

Description

The "encryption" algorithm used is really weak.
The security of the encrypted data relies on the password used: if a user sets a weak or predictable password, an attacker could decrypt the data.

The solution is to rely on a stronger encryption algorithm; we've chosen sodium since it is available as a native PHP extension, but also as a PHP polyfill library (so the native extension is not mandatory).
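
An added example, not the project's patch or code from this advisory: authenticated encryption with sodium's secretbox functions, which exist in both the native extension and the polyfill. It assumes a randomly generated key instead of a user-chosen password; `encrypt_value`, `decrypt_value` and the sample plaintext are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration: encrypt_value/decrypt_value are hypothetical names,
// not functions from the patched project.

/** Encrypt with secretbox (XSalsa20-Poly1305); returns base64(nonce || ciphertext). */
function encrypt_value(string $plaintext, string $key): string
{
    // A fresh random nonce per message; it is not secret and is stored with the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

/** Decrypt and authenticate; throws on malformed input, tampering, or a wrong key. */
function decrypt_value(string $encoded, string $key): string
{
    $raw = base64_decode($encoded, true);
    $minLength = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $minLength) {
        throw new RuntimeException('Malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // secretbox_open verifies the Poly1305 tag before returning any plaintext.
    $plaintext = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plaintext === false) {
        throw new RuntimeException('Authentication failed');
    }
    return $plaintext;
}

// Assumption: a 256-bit key drawn from the CSPRNG, so strength does not depend on a password.
$key = sodium_crypto_secretbox_keygen();

// Round trip on a constructed sample value.
$stored = encrypt_value('constructed-sample-secret', $key);
var_dump(decrypt_value($stored, $key) === 'constructed-sample-secret');

// Flip one bit of the stored value: decryption must refuse it.
$raw = base64_decode($stored, true);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);
try {
    decrypt_value(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The key has to be stored outside the data it protects, otherwise anyone who obtains the encrypted data obtains the key with it.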

Severity

Low

CVE ID

CVE-2020-11031

Weaknesses

No CWEs