Use of a Broken or Risky Cryptographic Algorithm Affecting @devicefarmer/stf package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-DEVICEFARMERSTF-6209699
- published 2 Feb 2024
- disclosed 30 Jan 2024
- credit tianjk99
Introduced: 30 Jan 2024
CVE-2023-51839 Open this link in a new tabHow to fix?
There is no fixed version for @devicefarmer/stf
.
Overview
@devicefarmer/stf is a Smartphone Test Farm
Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the use of an outdated or insecure cryptographic algorithm. An attacker can potentially compromise the confidentiality, integrity, or authenticity of data by exploiting this weakness.
Note: DES-ECB uses a fixed encryption key and does not incorporate an initialization vector (IV). As a result, it produces the same output for identical input blocks, making it susceptible to pattern recognition and exposing encrypted data patterns.