GMS-2021-92: MD5 hash support in github.com/foxcpp/maddy

October 12, 2021

Impact

This vulnerability affects maddy 0.5.1, 0.5.0 users using auth.shadow module and an extremely outdated system that still allows MD5 hashes in /etc/shadows.

Patches

Patch is available as part of the 0.5.2 release.

Workarounds

Ensure MD5 hashes are not present in /etc/shadow.

References

github.com/advisories/GHSA-qh54-9vc5-m9fg
github.com/foxcpp/maddy/security/advisories/GHSA-qh54-9vc5-m9fg

Code Behaviors & Features

Detect and mitigate GMS-2021-92 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →