CVE-2022-29835

WD Discovery's Use of Weak Hashing Algorithm for Code Signing

Description

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.

Remediation

Solution:

Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294&lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465].

References

Link	Tags
https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-29835?: CVE-2022-29835 has been scored as a medium severity vulnerability.
How to fix CVE-2022-29835?: To fix CVE-2022-29835: Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294&lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465].
Is CVE-2022-29835 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-29835 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-29835?: CVE-2022-29835 affects Western Digital WD Discovery, Western Digital WD Discovery.

Description

Remediation

Categories

CWE-328 – Use of Weak Hash

CWE-326 – Inadequate Encryption Strength

References

Frequently Asked Questions