Lucene search

GoogleOSV:CVE-2024-23091

HistoryJul 30, 2024 - 2:15 p.m.

CVE-2024-23091

2024-07-3014:15:02

Google

osv.dev

password hashing

md5

hoteldruid

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

36.5%

JSON

Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.

References

medium.com/%40cnetsec/security-advisory-cve-2024-23091-weak-password-hashing-using-md5-f18a6fe3a473

security-tracker.debian.org/tracker/CVE-2024-23091

www.hoteldruid.com/en/download.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

36.5%

JSON

Related for OSV:CVE-2024-23091