Lucene search

Password Hashing: Do not use MD5

🗓️ 30 Jan 2020 21:58:21Reported by GitHub Advisory DatabaseType

Password hashing uses insecure MD5 and lacks random salt, upgrading to bcrypt in Opencast 8.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
CVE	CVE-2020-5229	30 Jan 202020:15	–	cve
Cvelist	CVE-2020-5229 Opencast stores passwords using outdated MD5 hash algorithm	30 Jan 202020:05	–	cvelist
RedhatCVE	CVE-2020-5229	5 Feb 202515:38	–	redhatcve
Prion	Default credentials	30 Jan 202020:15	–	prion
Veracode	Weak Encryption Standards	31 Jan 202002:24	–	veracode
NVD	CVE-2020-5229	30 Jan 202020:15	–	nvd
OSV	CVE-2020-5229	30 Jan 202020:15	–	osv
OSV	Password Hashing: Do not use MD5	30 Jan 202021:21	–	osv
OpenVAS	Opencast < 8.1.0 Password Hashing Vulnerability	4 Feb 202000:00	–	openvas

Vulners

Node

org.opencastproject opencast-common-jpa-implRange8.0–8.1

org.opencastproject opencast-common-jpa-implRange<7.6

Source	Link
github	www.github.com/opencast/opencast/security/advisories/GHSA-h362-m8f2-5x7c
github	www.github.com/opencast/opencast/commit/32bfbe5f78e214e2d589f92050228b91d704758e
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-5229
github	www.github.com/advisories/GHSA-h362-m8f2-5x7c

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

30 Jan 2020 21:21Current

0.7Low risk

Vulners AI Score0.7

CVSS25.5

CVSS37.7 - 8.1

EPSS0.0013

CWE-327