CVE-2024-24553

June 24, 2024, 12:57 p.m.

Product(s) Impacted

Bludit

Description

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function.

Weaknesses

CWE-916
Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

CWE ID: 916
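The following is an added example, not Bludit's code or its official fix: a login routine that accepts a fast SHA-1 record once and immediately rewrites it with a slow, randomly salted hash. The legacy layout (hex SHA-1 over password followed by salt), the record field names, the `pbkdf2_sha256$...` storage string and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: iteration count picked for this example; tune it to your hardware.
PBKDF2_ITERATIONS = 600_000
PREFIX = "pbkdf2_sha256"


def legacy_sha1(password: str, salt: str) -> str:
    """Assumed legacy layout: hex SHA-1 over password followed by salt."""
    return hashlib.sha1((password + salt).encode()).hexdigest()


def slow_hash(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA256 with a 16-byte salt from the OS CSPRNG."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}${iterations}${salt.hex()}${dk.hex()}"


def verify_slow(password: str, stored: str) -> bool:
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def login(user: dict, password: str) -> bool:
    """Check a password; upgrade a legacy record after a successful login."""
    stored = user["password"]
    if stored.startswith(PREFIX + "$"):
        return verify_slow(password, stored)
    if not hmac.compare_digest(legacy_sha1(password, user["salt"]), stored):
        return False
    # The cleartext is only available now, so this is the moment to re-hash.
    user["password"] = slow_hash(password)
    user.pop("salt", None)  # the new salt is stored inside the hash string
    return True


def demo_user() -> dict:
    """Constructed sample record, not real data."""
    salt = "a1b2c3d4"
    return {"password": legacy_sha1("correct horse", salt), "salt": salt}
```

Records of users who never log in again keep the SHA-1 hash, so pair this with a forced reset or expiry for dormant accounts.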

Date

Published: June 24, 2024, 7:15 a.m.

Last Modified: June 24, 2024, 12:57 p.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vulnerability@ncsc.ch