CVE-2021-39182: 
Python vulnerability analysis and mitigation

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. This was considered problematic as MD5 is an insecure hashing algorithm that could cause issues for beginners unfamiliar with secure hashing practices. The vulnerability was discovered and disclosed in November 2021 (GHSA Advisory, NVD).

The vulnerability existed in the hashing.py file where the MD5 hashing function was implemented. MD5 is cryptographically broken and vulnerable to collision attacks, making it unsuitable for secure hashing purposes. The issue was assigned a CVSS score of 5.0 (Medium severity) due to its potential impact on security when used by developers unfamiliar with cryptographic best practices (MITRE CVE).

The use of MD5 could potentially lead to security issues in applications built using EnroCrypt, particularly for developers who are not familiar with the cryptographic weaknesses of MD5. This could result in inadequate protection of hashed data and potential vulnerability to collision attacks (GHSA Advisory).

The vulnerability was patched in version 1.1.4 of EnroCrypt. Users are recommended to upgrade to this version or later. For those unable to upgrade, a workaround is available by removing the MD5 hashing function from the hashing.py file (GHSA Advisory).