Use of Weak Hash

CVE-2023-0452

Medium

5.3/10

Summary

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-328 - Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

References

Advisory Timeline

Published Jan 26, 2023

Use of Weak Hash

CVE-2023-0452

Summary

CWE-328 - Use of Weak Hash

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS