exploitDog

CVE-2025-65831

Опубликовано: 10 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in a reasonable amount of time and gain unauthorized access to the victim's account.

Ссылки

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-lack-of-certificate-pinning-md
Third Party Advisory
https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-Application/Insecure-Algorithm.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:meatmeet:meatmeet:1.1.2.0:*:*:*:pro:android:*:*

EPSS

Процентиль: 5%

0.00021

Низкий

7.5 High

CVSS3

Дефекты

CWE-327

Связанные уязвимости

GHSA-c8vg-3hf7-w2q5

CVSS3: 7.5

github

около 2 месяцев назад

The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in a reasonable amount of time and gain unauthorized access to the victim's account.

EPSS

Процентиль: 5%

0.00021

Низкий

7.5 High

CVSS3

Дефекты

CWE-327