Use of Password Hash With Insufficient Computational Effort

CVE-2022-1235

High

8.2/10

Summary

Weak secrethash can be brute-forced in remdex/livehelperchat.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-916 - Use of Password Hash With Insufficient Computational Effort

The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

References

Advisory
Disclosure

Advisory Timeline

Published Apr 05, 2022

Use of Password Hash With Insufficient Computational Effort

CVE-2022-1235

Summary

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS