Lucene search

[email protected]NVD:CVE-2024-23091

HistoryJul 30, 2024 - 2:15 p.m.

CVE-2024-23091

2024-07-3014:15:02

CWE-916

[email protected]

web.nvd.nist.gov

password hashing

md5

hoteldruid security

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

36.5%

JSON

Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.

Affected configurations

Nvd

Node

digitaldruidhoteldruidRange<1.3.2

VendorProductVersionCPE
digitaldruidhoteldruid*cpe:2.3:a:digitaldruid:hoteldruid:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
digitaldruid	hoteldruid	*	cpe:2.3:a:digitaldruid:hoteldruid::::::::

References

medium.com/%40cnetsec/security-advisory-cve-2024-23091-weak-password-hashing-using-md5-f18a6fe3a473

www.hoteldruid.com/en/download.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

36.5%

JSON

Related for NVD:CVE-2024-23091

debiancve1 cve1 osv1 cvelist1 vulnrichment1