THREATINT


PUBLISHED

CVE-2024-24553

Bludit uses SHA1 as Password Hashing Algorithm

Assigner: NCSC.ch
Reserved: 2024-01-25
Published: 2024-06-24
Updated: 2024-06-24

Description

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Because SHA-1 is inherently fast to compute, attackers could determine cleartext passwords with brute-force attacks. In addition, the salt that Bludit computes is generated with a function that is not cryptographically secure.



MEDIUM: 5.9
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-916 Use of Password Hash With Insufficient Computational Effort

Product status

Default status: unaffected
2.0: affected

Credits

Andreas Pfefferle, Redguard AG (finder)

References

https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

cve.org CVE-2024-24553

nvd.nist.gov CVE-2024-24553
