Homepage
About Snyk

Use of a Broken or Risky Cryptographic Algorithm Affecting @devicefarmer/stf package, versions *

Severity

 Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.07% (31st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-DEVICEFARMERSTF-6209699
  • published 2 Feb 2024
  • disclosed 30 Jan 2024
  • credit tianjk99
Report a new vulnerability Found a mistake?

Introduced: 30 Jan 2024

CVE-2023-51839 Open this link in a new tab
CWE-327 Open this link in a new tab

How to fix?

There is no fixed version for @devicefarmer/stf.

Overview

@devicefarmer/stf is a Smartphone Test Farm

Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the use of an outdated or insecure cryptographic algorithm. An attacker can potentially compromise the confidentiality, integrity, or authenticity of data by exploiting this weakness.

Note: DES-ECB uses a fixed encryption key and does not incorporate an initialization vector (IV). As a result, it produces the same output for identical input blocks, making it susceptible to pattern recognition and exposing encrypted data patterns.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
7.4 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    None
Expand this section

NVD

9.1 critical