Описание
An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 20.1.1 (исключая)
cpe:2.3:a:epikur:epikur:*:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.00027
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-916
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.
EPSS
Процентиль: 7%
0.00027
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-916