Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way…
ENISA·CWE-327·Published 2025-03-19
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234.
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user passwords or find a collision to ultimately while attempting to gain access to a target application that uses "Life 1st Identity Manager" as a service for authentication. This issue affects Life 1st: 1.5.2.14234.
El uso de un algoritmo criptográfico roto o riesgoso, el uso de un hash de contraseña con un esfuerzo computacional insuficiente, el uso de un hash débil, el uso de un hash unidireccional con una vulnerabilidad de sal predecible en Beta80 Life 1st permite a un atacante usar la fuerza bruta de las contraseñas de los usuarios o encontrar una colisión para obtener acceso a una aplicación de destino que utiliza BETA80 "Life 1st Identity Manager" como un servicio para la autenticación. Este problema afecta a Life 1st: 1.5.2.14234.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 6.0 | — | — | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| 3.1 | Secondary | NVD | 6.0 | 1.5 | 4.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |