CVE-2022-29835
WD Discovery's Use of Weak Hashing Algorithm for Code Signing
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.
| CWE | CWE-328 |
| Vendor | western digital |
| Product | wd discovery |
| Published | Sep 19, 2022 |
| Last Updated | Aug 3, 2024 |
Stay Ahead of the Next One
Get instant alerts for western digital wd discovery
Be the first to know when new medium vulnerabilities affecting western digital wd discovery are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Western Digital / WD Discovery
WD Discovery Desktop App < 4.4.396
Western Digital / WD Discovery
WD Discovery Desktop App < 4.4.396