Forum

Bitte oder Registrieren, um Beiträge und Themen zu erstellen.

CVE-2022-37164 - Inoda OnTrack v3.4

Forum@forum
51 Beiträge
#1 · 8. September 2022, 00:00

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes.

References
https://cwe.mitre.org/data/definitions/521.html
https://cwe.mitre.org/data/definitions/916.html

CVE-2022-37857, CVE-2022-37163, CVE-2022-37164 Hardcoded Credentials/Weak Password Policies


https://github.com/inoda/ontrack/issues/78

Anklicken für Daumen nach unten.0Anklicken für Daumen nach oben.0