CVE-2024-24553

{"id": "CVE-2024-24553", "metrics": {}, "published": "2024-06-24T07:15:15.063", "references": [{"url": "https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/", "source": "vulnerability@ncsc.ch"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "description": [{"lang": "en", "value": "CWE-916"}]}], "descriptions": [{"lang": "en", "value": "Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function."}, {"lang": "es", "value": "Bludit utiliza el algoritmo hash SHA-1 para calcular hashes de contrase\u00f1as. Por lo tanto, los atacantes podr\u00edan determinar contrase\u00f1as de texto sin cifrar con ataques de fuerza bruta debido a la velocidad inherente de SHA-1. Adem\u00e1s, la sal que calcula Bludit se genera con una funci\u00f3n no criptogr\u00e1ficamente segura."}], "lastModified": "2024-06-24T12:57:36.513", "sourceIdentifier": "vulnerability@ncsc.ch"}