ADVISORIES

• OSVDB-108575
• Vendor Advisory

GEM

cap-strap

PATCHED VERSIONS

None.

DESCRIPTION

cap-strap Gem for Ruby contains a flaw that is due to the application using a hardcoded default 'sa' salt for password encryption. This may allow a local attacker to more easily decrypt passwords.

RELATED

• https://www.openwall.com/lists/oss-security/2014/07/07/9
• https://github.com/substantial/cap-strap
• http://www.vapid.dhs.org/advisories/cap-strap-0.1.5.html
• http://www.vapidlabs.com/advisory.php?v=27
• http://osvdb.org/show/osvdb/108575