CWE-916
Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
CVE-2014-2354 (GCVE-0-2014-2354)
Vulnerability from cvelistv5
Published
2014-05-30 23:00
Modified
2025-10-03 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:14:25.313Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "DataHub", "vendor": "Cogent", "versions": [ { "lessThan": "7.3.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Alain Homewood" } ], "datePublic": "2014-05-29T06:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\n\nCogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.\n\n\u003c/p\u003e" } ], "value": "Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack." } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-916", "description": "CWE-916", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-10-03T16:34:03.154Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02" }, { "url": "http://cogentdatahub.com/Download_Software.html" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eCogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://cogentdatahub.com/Download_Software.html\"\u003ehttp://cogentdatahub.com/Download_Software.html\u003c/a\u003e\u003c/p\u003eCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://crackstation.net/\"\u003ehttps://crackstation.net/\u003c/a\u003e.\n\n\u003cbr\u003e" } ], "value": "Cogent Real-Time Systems, Inc. has produced a new version of the \nCogent DataHub application, Version 7.3.5, that fixes three of the four \nidentified vulnerabilities. The updated version is available at the \nfollowing address:\n\n\n http://cogentdatahub.com/Download_Software.html \n\nCogent\n has indicated that it will not be fixing the cryptographic weaknesses \nof hashed usernames and passwords because of compatibility issues with \nexisting systems. Cogent and the researcher agree that an effective \nmitigation strategy for users is to select sufficiently strong \npasswords. Cogent has indicated that password hashes can be checked for \nstrength using sites such as: https://crackstation.net/ ." } ], "source": { "advisory": "ICSA-14-149-02", "discovery": "EXTERNAL" }, "title": "Cogent DataHub Use of Password Hash With Insufficient Computational Effort", "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2352", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2354", "datePublished": "2014-05-30T23:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-03T16:34:03.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21754 (GCVE-0-2024-21754)
Vulnerability from cvelistv5
Published
2024-06-11 14:32
Modified
2025-08-27 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-916 - Improper access control
Summary
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.10 Version: 7.0.0 ≤ 7.0.17 Version: 2.0.0 ≤ 2.0.14 |
||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21754", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-11T16:13:02.843870Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-27T20:42:53.370Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423", "tags": [ "x_transferred" ], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.17", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a\u00a0privileged attacker with super-admin profile and CLI access to decrypting the backup file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N/E:F/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-916", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:32:01.335Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiOS version 7.4.4 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-21754", "datePublished": "2024-06-11T14:32:01.335Z", "dateReserved": "2024-01-02T10:15:00.526Z", "dateUpdated": "2025-08-27T20:42:53.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-3183 (GCVE-0-2024-3183)
Vulnerability from cvelistv5
Published
2024-06-12 08:18
Modified
2025-08-01 18:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-916 - Use of Password Hash With Insufficient Computational Effort
Summary
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password.
If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:3754 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3755 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3756 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3757 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3758 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3759 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3760 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3761 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3775 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2024-3183 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2270685 | issue-tracking, x_refsource_REDHAT | |
https://www.freeipa.org/release-notes/4-12-1.html |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-3183", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T13:41:24.168315Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T13:43:10.079Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:05:07.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:3754", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3754" }, { "name": "RHSA-2024:3755", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3755" }, { "name": "RHSA-2024:3756", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3756" }, { "name": "RHSA-2024:3757", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3757" }, { "name": "RHSA-2024:3758", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3758" }, { "name": "RHSA-2024:3759", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3759" }, { "name": "RHSA-2024:3760", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3760" }, { "name": "RHSA-2024:3761", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3761" }, { "name": "RHSA-2024:3775", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3775" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-3183" }, { "name": "RHBZ#2270685", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270685" }, { "tags": [ "x_transferred" ], "url": "https://www.freeipa.org/release-notes/4-12-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/freeipa/freeipa", "defaultStatus": "unknown", "packageName": "freeipa", "versions": [ { "status": "unaffected", "version": "4.12.1", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "defaultStatus": "affected", "packageName": "ipa", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.6.8-5.el7_9.17", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "idm:DL1", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240528133707.823393f5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "idm:DL1", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8020020240530191103.792f4060", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "idm:DL1", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8040020240528055121.5b01ab7e", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "idm:DL1", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8040020240528055121.5b01ab7e", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "idm:DL1", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8040020240528055121.5b01ab7e", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "idm:DL1", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8060020240530061719.ada582f1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "idm:DL1", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8060020240530061719.ada582f1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.6::appstream", "cpe:/a:redhat:rhel_aus:8.6::appstream", "cpe:/a:redhat:rhel_tus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "idm:DL1", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8060020240530061719.ada582f1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "idm:DL1", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8080020240530051744.b0a6ceea", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "ipa", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.11.0-15.el9_4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::crb", "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "ipa", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.9.8-11.el9_0.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::crb" ], "defaultStatus": "affected", "packageName": "ipa", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.10.1-12.el9_2.2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "unaffected", "packageName": "ipa", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Mikhail Sukhov for reporting this issue." } ], "datePublic": "2024-06-10T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client\u2019s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user\u2019s password.\r\n\r\nIf a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal\u2019s password)." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-916", "description": "Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-01T18:50:55.510Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:3754", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3754" }, { "name": "RHSA-2024:3755", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3755" }, { "name": "RHSA-2024:3756", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3756" }, { "name": "RHSA-2024:3757", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3757" }, { "name": "RHSA-2024:3758", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3758" }, { "name": "RHSA-2024:3759", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3759" }, { "name": "RHSA-2024:3760", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3760" }, { "name": "RHSA-2024:3761", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3761" }, { "name": "RHSA-2024:3775", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3775" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-3183" }, { "name": "RHBZ#2270685", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270685" }, { "url": "https://www.freeipa.org/release-notes/4-12-1.html" } ], "timeline": [ { "lang": "en", "time": "2024-03-21T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-06-10T00:00:00+00:00", "value": "Made public." } ], "title": "Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force", "workarounds": [ { "lang": "en", "value": "To mitigate this vulnerability, ticket requests to user principals are now disallowed in FreeIPA realms by default. This will keep attackers from obtaining data encrypted with the user key directly." } ], "x_redhatCweChain": "CWE-916: Use of Password Hash With Insufficient Computational Effort" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-3183", "datePublished": "2024-06-12T08:18:51.691Z", "dateReserved": "2024-04-02T09:48:54.404Z", "dateUpdated": "2025-08-01T18:50:55.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-26486 (GCVE-0-2025-26486)
Vulnerability from cvelistv5
Published
2025-03-19 15:46
Modified
2025-07-02 14:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Broken or Risky Cryptographic Algorithm, Use of Password Hash
With Insufficient Computational Effort, Use of Weak Hash, Use of a
One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager"
enable an attacker with access to
password hashes
to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication.
This issue affects Life 1st: 1.5.2.14234.
References
▼ | URL | Tags |
---|---|---|
https://www.cvcn.gov.it/cvcn/cve/CVE-2025-26486 | government-resource | |
https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26486 | vdb-entry |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-26486", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-19T18:28:07.501414Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-19T18:28:28.268Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Life 1st", "vendor": "Beta80", "versions": [ { "status": "affected", "version": "1.5.2.14234" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Broken or Risky Cryptographic Algorithm, Use of Password Hash \nWith Insufficient Computational Effort, Use of Weak Hash, Use of a \nOne-Way Hash with a Predictable Salt vulnerabilities in Beta80 \"Life 1st Identity Manager\"\nenable an attacker with access to\npassword hashes\nto bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses \"Life 1st Identity Manager\" as a service for authentication.\u003cbr\u003e\u003cp\u003eThis issue affects Life 1st: 1.5.2.14234.\u003c/p\u003e" } ], "value": "Broken or Risky Cryptographic Algorithm, Use of Password Hash \nWith Insufficient Computational Effort, Use of Weak Hash, Use of a \nOne-Way Hash with a Predictable Salt vulnerabilities in Beta80 \"Life 1st Identity Manager\"\nenable an attacker with access to\npassword hashes\nto bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses \"Life 1st Identity Manager\" as a service for authentication.\nThis issue affects Life 1st: 1.5.2.14234." } ], "impacts": [ { "capecId": "CAPEC-49", "descriptions": [ { "lang": "en", "value": "CAPEC-49 Password Brute Forcing" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-328", "description": "CWE-328 Use of Weak Hash", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-760", "description": "CWE-760 Use of a One-Way Hash with a Predictable Salt", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-02T14:34:15.470Z", "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA" }, "references": [ { "tags": [ "government-resource" ], "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-26486" }, { "tags": [ "vdb-entry" ], "url": "https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26486" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "assignerShortName": "ENISA", "cveId": "CVE-2025-26486", "datePublished": "2025-03-19T15:46:34.309Z", "dateReserved": "2025-02-11T08:24:51.661Z", "dateUpdated": "2025-07-02T14:34:15.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-27551 (GCVE-0-2025-27551)
Vulnerability from cvelistv5
Published
2025-03-26 11:07
Modified
2025-09-05 13:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.
This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm.
This issue affects DBIx::Class::EncodedColumn until 0.00032.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
WREIS | DBIx::Class::EncodedColumn |
Version: 0 < 0.00032 |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-27551", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-26T19:17:06.347290Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-26T19:17:11.321Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "modules": [ "DBIx::Class::EncodedColumn::Digest" ], "packageName": "DBIx-Class-EncodedColumn", "product": "DBIx::Class::EncodedColumn", "programFiles": [ "lib/DBIx/Class/EncodedColumn/Digest.pm" ], "repo": "https://github.com/wreis/DBIx-Class-EncodedColumn", "vendor": "WREIS", "versions": [ { "lessThan": "0.00032", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Robert Rothenberg" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.\u003cbr\u003e\u003cbr\u003eThis vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm.\u003cbr\u003e\u003cbr\u003eThis issue affects DBIx::Class::EncodedColumn until 0.00032.\u003cbr\u003e" } ], "value": "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.\n\nThis vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm.\n\nThis issue affects DBIx::Class::EncodedColumn until 0.00032." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-331", "description": "CWE-331 Insufficient Entropy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-05T13:20:43.993Z", "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec" }, "references": [ { "tags": [ "related" ], "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html" }, { "tags": [ "release-notes" ], "url": "https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes" } ], "source": { "discovery": "INTERNAL" }, "title": "DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "assignerShortName": "CPANSec", "cveId": "CVE-2025-27551", "datePublished": "2025-03-26T11:07:43.089Z", "dateReserved": "2025-02-28T20:33:23.575Z", "dateUpdated": "2025-09-05T13:20:43.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-27552 (GCVE-0-2025-27552)
Vulnerability from cvelistv5
Published
2025-03-26 11:08
Modified
2025-09-05 13:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.
This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.
This issue affects DBIx::Class::EncodedColumn until 0.00032.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
WREIS | DBIx::Class::EncodedColumn |
Version: 0 < 0.00032 |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-27552", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-26T19:12:59.308361Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-26T19:13:10.116Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "DBIx-Class-EncodedColumn", "product": "DBIx::Class::EncodedColumn", "programFiles": [ "lib/DBIx/Class/EncodedColumn/Crypt/Eksblowfish/Bcrypt.pm" ], "repo": "https://github.com/wreis/DBIx-Class-EncodedColumn", "vendor": "WREIS", "versions": [ { "lessThan": "0.00032", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Robert Rothenberg" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.\u003cbr\u003e\u003cbr\u003eThis vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.\u003cbr\u003e\u003cbr\u003eThis issue affects DBIx::Class::EncodedColumn until 0.00032.\u003cbr\u003e" } ], "value": "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.\n\nThis vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.\n\nThis issue affects DBIx::Class::EncodedColumn until 0.00032." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-331", "description": "CWE-331 Insufficient Entropy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-05T13:21:10.093Z", "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec" }, "references": [ { "tags": [ "related" ], "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html" }, { "tags": [ "release-notes" ], "url": "https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes" } ], "source": { "discovery": "INTERNAL" }, "title": "DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "assignerShortName": "CPANSec", "cveId": "CVE-2025-27552", "datePublished": "2025-03-26T11:08:11.434Z", "dateReserved": "2025-02-28T20:33:23.575Z", "dateUpdated": "2025-09-05T13:21:10.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-7789 (GCVE-0-2025-7789)
Vulnerability from cvelistv5
Published
2025-07-18 15:14
Modified
2025-07-18 15:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.316850 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.316850 | signature, permissions-required | |
https://vuldb.com/?submit.615760 | third-party-advisory | |
https://github.com/xuxueli/xxl-job/issues/3751 | exploit, issue-tracking |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-7789", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-18T15:28:37.244782Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-18T15:28:47.143Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "modules": [ "Token Generation" ], "product": "xxl-job", "vendor": "Xuxueli", "versions": [ { "status": "affected", "version": "3.1.0" }, { "status": "affected", "version": "3.1.1" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "ZAST.AI (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "Eine Schwachstelle wurde in Xuxueli xxl-job bis 3.1.1 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion makeToken der Datei src/main/java/com/xxl/job/admin/controller/IndexController.java der Komponente Token Generation. Mittels Manipulieren mit unbekannten Daten kann eine password hash with insufficient computational effort-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-916", "description": "Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-326", "description": "Inadequate Encryption Strength", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-18T15:14:05.920Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-316850 | Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.316850" }, { "name": "VDB-316850 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.316850" }, { "name": "Submit #615760 | Xuxueli https://github.com/xuxueli/xxl-job \u003c=3.1.1 Use of a Broken or Risky Cryptographic Algorithm vulnerability (", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.615760" }, { "tags": [ "exploit", "issue-tracking" ], "url": "https://github.com/xuxueli/xxl-job/issues/3751" } ], "timeline": [ { "lang": "en", "time": "2025-07-18T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2025-07-18T02:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2025-07-18T09:38:56.000Z", "value": "VulDB entry last update" } ], "title": "Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2025-7789", "datePublished": "2025-07-18T15:14:05.920Z", "dateReserved": "2025-07-18T07:33:44.888Z", "dateUpdated": "2025-07-18T15:28:47.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation ID: MIT-51
Phase: Architecture and Design
Description:
- Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.
- Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.
- Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment's needs.
Mitigation ID: MIT-25
Phases: Implementation, Architecture and Design
Description:
- When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
CAPEC-55: Rainbow Table Password Cracking
An attacker gets access to the database table where hashes of passwords are stored. They then use a rainbow table of pre-computed hash chains to attempt to look up the original password. Once the original password corresponding to the hash is obtained, the attacker uses the original password to gain access to the system.