CVE-2021-33589Insufficiently Protected Credentials in RNP

CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 60.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ribose RNPDebian RNP
Timeline
PublishedApr 21

Description

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDribose/rnp< 0.15.1
Debianribose/rnp< 0.15.1-1+2
debiandebian/rnp< rnp 0.15.1-1 (bookworm)

🔴Vulnerability Details

2
OSV
CVE-2021-33589: Ribose RNP before 02023-04-21
GHSA
GHSA-85rv-559q-9c4r: Ribose RNP before 02023-04-21

📋Vendor Advisories

1
Debian
CVE-2021-33589: rnp - Ribose RNP before 0.15.1 does not implement a required step in a cryptographic a...2021
CVE-2021-33589 — Insufficiently Protected Credentials | cvebase