cap-strap Gem for Ruby Hardcoded Password Crypt Hash Salt Weakness
Published: June 30, 2014
SECURITY IDENTIFIERS
- OSVDB: OSVDB-108575
- Vendor Advisory: https://www.openwall.com/lists/oss-security/2014/07/07/9
GEM
PATCHED VERSIONS
None available.
DESCRIPTION
cap-strap Gem for Ruby contains a flaw: the application uses a hardcoded default salt, 'sa', when hashing passwords with crypt. Because the salt is fixed and known, this may allow a local attacker to more easily recover passwords from their hashes.
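To check a host for the condition described above, the following added example (not code from the advisory or from the gem) audits `user:hash` lines for crypt salts shared between accounts and flags the hardcoded 'sa' salt. The input format, the function names `salt_of` and `audit`, and the sample data are assumptions made for illustration.

```ruby
# Added example: audit "user:hash" lines for crypt(3) salts shared by accounts.
# Handles traditional DES crypt (2-char salt + 11 chars) and $id$salt$hash forms.
DES_CRYPT = %r{\A([./0-9A-Za-z]{2})[./0-9A-Za-z]{11}\z}
MCF_CRYPT = %r{\A\$([0-9a-z]+)\$(?:rounds=\d+\$)?([^$]+)\$[^$]+\z}
HARDCODED_SALT = "sa" # the default salt named in the advisory

# Return [scheme, salt] for a crypt hash string, or nil if unrecognised.
def salt_of(hash)
  if (m = DES_CRYPT.match(hash))
    ["des", m[1]]
  elsif (m = MCF_CRYPT.match(hash))
    [m[1], m[2]]
  end
end

# Group accounts by (scheme, salt); report salts that are reused or hardcoded.
def audit(lines)
  groups = Hash.new { |h, k| h[k] = [] }
  lines.each do |line|
    user, hash = line.strip.split(":", 3)
    next if user.nil? || hash.nil?
    key = salt_of(hash)
    groups[key] << [user, hash] if key
  end
  groups.filter_map do |(scheme, salt), entries|
    hardcoded = scheme == "des" && salt == HARDCODED_SALT
    next unless hardcoded || entries.size > 1
    # Same salt + same hash means the accounts share a password.
    shared = entries.group_by(&:last).values.select { |g| g.size > 1 }
                    .map { |g| g.map(&:first) }
    { scheme: scheme, salt: salt, users: entries.map(&:first),
      hardcoded: hardcoded, identical_hashes: shared }
  end
end

# Constructed sample: hash bodies are placeholders, not real crypt output.
SAMPLE = [
  "deploy:sa" + "A" * 11,
  "app:sa" + "A" * 11,
  "ops:sa" + "B" * 11,
  'alice:$6$Qx7r.kLm$' + "C" * 86,
  "locked:!",
].freeze

audit(SAMPLE).each { |finding| puts finding } if $PROGRAM_NAME == __FILE__
```

Any account reported with `hardcoded: true` should have its password reset and re-hashed with a per-account random salt.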
