CVE-2022-29835
19.09.2022, 20:15
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.Enginsight
| Vendor | Product | Version |
|---|---|---|
| westerndigital | wd_discovery | 𝑥 < 4.4.396 |
| westerndigital | wd_discovery | 𝑥 < 4.4.396 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-328 - Use of Weak HashThe product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
- CWE-326 - Inadequate Encryption StrengthThe software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.