CVE-2024-23091

Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
Configurations

Configuration 1 (hide)

cpe:2.3:a:digitaldruid:hoteldruid:*:*:*:*:*:*:*:*

History

23 Aug 2024, 13:51

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-916
References () https://medium.com/%40cnetsec/security-advisory-cve-2024-23091-weak-password-hashing-using-md5-f18a6fe3a473 - () https://medium.com/%40cnetsec/security-advisory-cve-2024-23091-weak-password-hashing-using-md5-f18a6fe3a473 - Exploit, Third Party Advisory
References () https://www.hoteldruid.com/en/download.html - () https://www.hoteldruid.com/en/download.html - Product
CPE cpe:2.3:a:digitaldruid:hoteldruid:*:*:*:*:*:*:*:*
First Time Digitaldruid hoteldruid
Digitaldruid

31 Jul 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) El hash de contraseña débil usando MD5 en funzioni.php en HotelDruid anterior a 1.32 permite a un atacante obtener contraseñas en texto plano a partir de valores hash.

30 Jul 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-30 14:15

Updated : 2024-08-23 13:51


NVD link : CVE-2024-23091

Mitre link : CVE-2024-23091

CVE.ORG link : CVE-2024-23091


JSON object : View

Products Affected

digitaldruid

  • hoteldruid
CWE
CWE-916

Use of Password Hash With Insufficient Computational Effort