Description
Exposure of password hashes in notrinos/notrinos-erp
The AP officer account is authorized to back up and restore the database. Because of this, that user can download the backup and see the password hash of the System Administrator account. The password is stored as a weak hash (MD5), which can be easily cracked to obtain the admin password.
Packages
Name
notrinos/notrinos-erp
composer
Affected versions: < 0.7
Fixed version: 0.7
Related vulnerabilities
CVSS3: 8.8
nvd
more than 3 years ago
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.