CVE-2022-2582— Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go

Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.

N/A

N/A

AWS SDK for Android 加密问题漏洞

AWS SDK for Android是AWS Amplify开源的一个适用于 Android的 AWS SDK。 AWS SDK for Android 存在安全漏洞，该漏洞源于将明文的未加密哈希与密文一起作为元数据字段发送。 如果攻击者可读该散列，则该散列可用于暴力破解明文。

N/A

N/A