Lucene search
NCSC.chVULNRICHMENT:CVE-2024-24553HistoryJun 24, 2024 - 7:10 a.m.
CVE-2024-24553 Bludit uses SHA1 as Password Hashing Algorithm
2024-06-2407:10:03
CWE-916
NCSC.ch
github.com
bludit
cve-2024-24553
password hashing
sha-1
brute-force
salt
5.9 Medium
CVSS4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/SC:N/VI:H/SI:N/VA:N/SA:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function.
CNA Affected
[
{
"repo": "https://github.com/bludit/bludit/",
"vendor": "Bludit",
"product": "Bludit",
"versions": [
{
"status": "affected",
"version": "2.0"
}
],
"platforms": [
"Linux",
"Windows",
"MacOS"
],
"packageName": "Bludit",
"programFiles": [
"bl-kernel/login.class.php",
"bl-kernel/users.class.php"
],
"collectionURL": "https://www.bludit.com/",
"defaultStatus": "unaffected"
}
]Related
cve
cve
CVE-2024-24553
2024-06-24 07:15:15
nvd
nvd
CVE-2024-24553
2024-06-24 07:15:15
cvelist
cvelist
CVE-2024-24553 Bludit uses SHA1 as Password Hashing Algorithm
2024-06-24 07:10:03
5.9 Medium
CVSS4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/SC:N/VI:H/SI:N/VA:N/SA:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for VULNRICHMENT:CVE-2024-24553