{"id":"CVE-2024-7701","summary":"Misuse of SHA256 to create an encryption key","details":"Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0.","modified":"2026-05-18T05:58:02.323751268Z","published":"2024-12-15T10:56:26.124Z","database_specific":{"cwe_ids":["CWE-916"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/7xxx/CVE-2024-7701.json","cna_assigner":"CyberArk"},"references":[{"type":"WEB","url":"https://github.com/percona/percona-toolkit/blob/aa1ac0e6889168fddf73c3a72d447e9ea0c0c63b/src/go/pt-secure-collect/encrypt.go#L17"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/7xxx/CVE-2024-7701.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7701"},{"type":"PACKAGE","url":"https://github.com/percona/percona-toolkit"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/percona/percona-toolkit","events":[{"introduced":"0"},{"last_affected":"655a5fa9db8039ae24c37a08cac58a4bc82b0d7f"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"3.6.0"}],"source":"AFFECTED_FIELD"}}],"versions":["v3.6.0","v3.5.7","v3.5.5","v3.5.4","v3.5.3","v3.5.2","v3.3.0","v3.2.0","v3.2.0-rc","3.0.6","3.0.5","3.0.5-test","3.0.0","3.0.3","3.0.2","3.0.2-testing","3.0.1","2.2.7","2.2.6","2.2.5","2.2.3","2.2.2","2.2.1","2.1.7","2.1.6","2.1.5","2.1.3","2.1.2","2.1.1","2.0.4","2.0.3","2.0.2","2.0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7701.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}