Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.9 views

EUVD-2026-38748

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.10 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5 (32 iterations), yielding a higher risk of password hash cracking. The vulnerability allows attackers to crack hashes faster on modern GPUs, potentially compromising all user accounts in a database breach. Affected component is the b...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/03/05 9:54 p.m.5 views

Use of Password Hash With Insufficient Computational Effort

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the use of insufficient bcrypt salt rounds in the getHash function. An attacker can significantly reduce the time required to crack passwor...

5.6CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/05 9:54 p.m.21 views

GHSA-X2G5-FVC2-GQVP Flowise has Insufficient Password Salt Rounds

Description The default bcrypt salt rounds is set to 5, which is below the recommended minimum for security. Affected Code export function getHashvalue: string const salt = bcrypt.genSaltSyncparseIntprocess.env.PASSWORDSALTHASHROUNDS || '5' return bcrypt.hashSyncvalue, salt Evidence Using 5 salt...

4.1CVSS6AI score0.00073EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.13 views

PT-2026-51776

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.13 Description The software uses bcrypt with a default salt round value of 5, resulting in only 32 iterations. This is significantly lower than the OWASP-recommended minimum of 10 rounds 1024 iterations. This...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References9
Rows per page
Query Builder