Homepage
About Snyk

Inadequate Encryption Strength Affecting org.apache.wicket:wicket-core package, versions [,1.5.13) [6.0.0,6.19.0) [7-alpha,7.0.0-M5)

0.0
high

Snyk CVSS

    Attack Complexity Low
    Confidentiality High

    Threat Intelligence

    EPSS 0.05% (20th percentile)
Expand this section
NVD
7.5 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-ORGAPACHEWICKET-31016
  • published 19 Oct 2015
  • disclosed 19 Oct 2015
  • credit Fabian Faessler
Report a new vulnerability Found a mistake?

Introduced: 19 Oct 2015

CVE-2014-7808 Open this link in a new tab
CWE-326 Open this link in a new tab

Overview

org.apache.wicket:wicket-core Affected versions of the package are vulnerable to Inadequate Encryption Strength. With Wicket's default security settings the usage of CryptoMapper to encrypt/obfuscate pages' urls is not strong enough. It is possible to predict the encrypted version of an url based on the previous history.