CWE: 326, 328

CVE-2022-29835: WD Discovery's Use of Weak Hashing Algorithm for Code Signing

First published: Mon Sep 19 2022

WD Discovery software executable files were signed using the unsafe SHA-1 hashing algorithm. Because SHA-1 is not collision-resistant, an attacker could use this weakness to create forged certificate signatures, which could in turn impact the confidentiality of user content. This issue affects Western Digital WD Discovery Desktop App versions prior to 4.4.396 on Mac and WD Discovery Desktop App versions prior to 4.4.396 on Windows.

Credit: psirt@wdc.com

Affected Software            | Affected Version | How to fix
Westerndigital Wd Discovery  | <4.4.396         |

Remedy

Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294&lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465].
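
To check whether a Windows executable still declares the weak digest described above, the following added example (not code from Western Digital or from this advisory) reads the digest algorithms in a PE file's Authenticode signature. It assumes the standard PE security directory and PKCS#7 SignedData layout; all function names are illustrative, and `constructed_pe` builds a constructed sample input rather than a real binary.

```python
import struct

DIGEST_OIDS = {bytes.fromhex("2b0e03021a"): "sha1",            # 1.3.14.3.2.26
               bytes.fromhex("2a864886f70d0205"): "md5",       # 1.2.840.113549.2.5
               bytes.fromhex("608648016503040201"): "sha256"}  # 2.16.840.1.101.3.4.2.1

def read_tlv(buf, off):
    """Return (value_start, value_end) of the DER element at off."""
    n = buf[off + 1] & 0x7F if buf[off + 1] & 0x80 else 0  # long form: count of length bytes
    length = int.from_bytes(buf[off + 2:off + 2 + n], "big") if n else buf[off + 1]
    return off + 2 + n, off + 2 + n + length

def pkcs7_from_pe(pe):
    """Return the PKCS#7 blob of the first WIN_CERTIFICATE entry, or None if unsigned."""
    nt = int.from_bytes(pe[0x3C:0x40], "little")  # e_lfanew: offset of the PE signature
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    # Data directories start 112 bytes into the optional header for PE32+, 96 for PE32
    dirs = nt + 24 + (112 if pe[nt + 24:nt + 26] == b"\x0b\x02" else 96)
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4: security directory (file offset)
    if not off or not size:
        return None
    return pe[off + 8:off + struct.unpack_from("<I", pe, off)[0]]  # skip 8-byte WIN_CERTIFICATE header

def signed_data_digests(p7):
    """Digest algorithm names declared by the primary SignedData."""
    s, _ = read_tlv(p7, 0)                   # ContentInfo SEQUENCE
    _, e = read_tlv(p7, s)                   # contentType OID (signedData)
    s, _ = read_tlv(p7, read_tlv(p7, e)[0])  # [0] EXPLICIT, then SignedData SEQUENCE
    _, e = read_tlv(p7, s)                   # version INTEGER
    s, end = read_tlv(p7, e)                 # digestAlgorithms SET
    names = []
    while s < end:
        o_s, o_e = read_tlv(p7, read_tlv(p7, s)[0])  # AlgorithmIdentifier SEQUENCE, then its OID
        names.append(DIGEST_OIDS.get(p7[o_s:o_e], p7[o_s:o_e].hex()))
        s = read_tlv(p7, s)[1]
    return names

def weak_signing_digests(pe):  # None if unsigned, else the weak digests the signature declares
    p7 = pkcs7_from_pe(pe)
    return None if p7 is None else [d for d in signed_data_digests(p7) if d in ("sha1", "md5")]

def constructed_pe(digest_oid):
    """Constructed sample: minimal PE32 headers plus a skeletal SignedData, not a real binary."""
    der = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths only
    sd = der(0x30, b"\x02\x01\x01" + der(0x31, der(0x30, der(0x06, digest_oid) + b"\x05\x00")))
    p7 = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010702")) + der(0xA0, sd))
    cert = struct.pack("<IHH", 8 + len(p7), 0x0200, 0x0002) + p7
    hdr = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0" + bytes(20) + b"\x0b\x01" + bytes(94)
    return hdr + bytes(32) + struct.pack("<II", 312, len(cert)) + bytes(88) + cert
```

The check reads only the primary signature: the signing certificate's own signature algorithm, timestamp countersignatures and nested (dual) signatures are not inspected.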

Frequently Asked Questions

  • What is CVE-2022-29835?

    CVE-2022-29835 refers to a vulnerability in the WD Discovery software, in which executable files were signed using the unsafe SHA-1 hashing algorithm.

  • How does CVE-2022-29835 impact user content?

    CVE-2022-29835 can impact the confidentiality of user content due to the possibility of forged certificate signatures.

  • What is the severity of CVE-2022-29835?

    CVE-2022-29835 has a severity rating of 5.3, which is considered medium.

  • Which versions of the WD Discovery software are affected by CVE-2022-29835?

    WD Discovery software versions prior to 4.4.396 on both macOS and Windows are affected by CVE-2022-29835.

  • How can I fix CVE-2022-29835?

    To fix CVE-2022-29835, users should update their WD Discovery software to version 4.4.396 or later.
