An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack.
References
Link | Resource |
---|---|
https://www.x41-dsec.de/lab/advisories/x41-2020-003-epikur | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-02-05 14:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-10538
Mitre link : CVE-2020-10538
CVE.ORG link : CVE-2020-10538
JSON object : View
Products Affected
epikur
- epikur
CWE
CWE-916
Use of Password Hash With Insufficient Computational Effort