Cryptographic Issues Affecting dotnetnuke.core Open this link in a new tab package, versions [9.2.0,9.3.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
26 Nov 2019
3 Jul 2019
How to fix?
DotNetNuke.Core to version 9.3.0 or higher.
DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform.
Affected versions of this package are vulnerable to Cryptographic Issues. It incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.