Vulnerability Database

321,672

Total vulnerabilities in the database

CVE-2024-40761

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.3.5.

Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.

Published: Sep 25, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-40761
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-326

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
apache / answer	-	1.3.5.x

http://www.openwall.com/lists/oss-security/2024/09/25/2
http://www.openwall.com/lists/oss-security/2024/09/25/5
http://www.openwall.com/lists/oss-security/2024/09/25/6
http://www.openwall.com/lists/oss-security/2024/09/25/7
http://www.openwall.com/lists/oss-security/2024/09/25/8
http://www.openwall.com/lists/oss-security/2024/09/26/1
http://www.openwall.com/lists/oss-security/2024/09/26/3
http://www.openwall.com/lists/oss-security/2024/09/26/4
http://www.openwall.com/lists/oss-security/2024/09/27/4
http://www.openwall.com/lists/oss-security/2024/09/27/5
http://www.openwall.com/lists/oss-security/2024/09/27/8
https://lists.apache.org/thread/mmrhsfy16qwrw0pkv0p9kj40vy3sg08x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo