CVE-2024-25607

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-916
View all →

Vulnerability Description

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.

Related Vulnerabilities

CVE-2002-1657

HIGH
CVSS:7.5(High)

PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

CWE-9162002

CVE-2008-1526

HIGH
CVSS:7.5(High)

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it ea...

CWE-9162008

CVE-2009-5139

HIGH
CVSS:7.5(High)

The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a ...

CWE-9162009

CVE-2014-2560

HIGH
CVSS:7.5(High)

The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack,...

CWE-9162014

CVE-2017-18917

HIGH
CVSS:7.5(High)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.

CWE-9162017

CVE-2019-19766

HIGH
CVSS:7.5(High)

The Bitwarden server through 1.32.0 has a potentially unwanted KDF.

CWE-9162019