CVE-2017-11131

Name of the Vulnerable Software and Affected Versions heinekingmedia StashCat versions 1.7.5 and earlier for Android heinekingmedia StashCat versions 0.0.80w and earlier for Web heinekingmedia StashCat versions 0.0.86 and earlier for Desktop

Description The issue concerns the authentication mechanism, where user passwords are hashed directly with SHA-512 without a salt or another key-derivation mechanism. Only the first 32 bytes of the hash are used, making it vulnerable to dictionary and rainbow-table attacks if an attacker gains access to the password hash.

Recommendations For heinekingmedia StashCat version 1.7.5 and earlier for Android, consider implementing a secure password hashing mechanism that utilizes a salt and a key-derivation function to prevent easy dictionary and rainbow-table attacks. For heinekingmedia StashCat version 0.0.80w and earlier for Web, consider implementing a secure password hashing mechanism that utilizes a salt and a key-derivation function to prevent easy dictionary and rainbow-table attacks. For heinekingmedia StashCat version 0.0.86 and earlier for Desktop, consider implementing a secure password hashing mechanism that utilizes a salt and a key-derivation function to prevent easy dictionary and rainbow-table attacks.