CVE-2020-10538

An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.
References
Link Resource
https://www.x41-dsec.de/lab/advisories/x41-2020-003-epikur Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:epikur:epikur:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-02-05 14:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-10538

Mitre link : CVE-2020-10538

CVE.ORG link : CVE-2020-10538


JSON object : View

Products Affected

epikur

  • epikur
CWE
CWE-916

Use of Password Hash With Insufficient Computational Effort