CVE-2022-37164

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.

Inoda OnTrack versión v3.4, emplea una política de contraseña débil que permite a atacantes conseguir acceso no autorizado a la aplicación mediante ataques de fuerza bruta. Además, las contraseñas de usuarios son cifradas sin sal ni pimienta, lo que facilita mucho que herramientas como hashcat descifren los hashes