Use of Password Hash With Insufficient Computational Effort

CVE-2014-0083

Medium

5.5/10

Summary

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-916 - Use of Password Hash With Insufficient Computational Effort

The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

References

Issue
Advisory

Advisory Timeline

Published Nov 21, 2019

Use of Password Hash With Insufficient Computational Effort

CVE-2014-0083

Summary

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS