Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0,…
GitHub_M·CWE-327·Published 2026-01-29
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue.
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue.
Parsec es una aplicación basada en la nube para el intercambio de archivos criptográficamente seguro. En versiones de la rama 3.x anteriores a la 3.6.0, 'libparsec_crypto', un componente de la aplicación Parsec, no verifica los puntos de orden débil de Curve25519 cuando se compila con su backend RustCrypto. En la práctica, esto significa que un atacante en una posición de man-in-the-middle podría proporcionar puntos de orden débil a ambas partes en el intercambio Diffie-Hellman, lo que resultaría en una alta probabilidad de que ambas partes obtengan la misma clave compartida (lo que llevaría a un intercambio exitoso de código SAS, engañando a ambas partes para que piensen que no ha ocurrido ningún MitM) y que también es conocida por el atacante. Tenga en cuenta que solo Parsec web se ve afectado (ya que Parsec desktop utiliza 'libparsec_crypto' con el backend libsodium). La versión 3.6.0 de Parsec corrige el problema.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 8.3 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
| 3.1 | Primary | cve.org | 8.3 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
| 3.1 | Primary | NVD | 7.1 | 1.6 | 5.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L |
| 3.1 | Secondary | NVD | 8.3 | 2.8 | 5.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |