CVE-2018-15680

Name of the Vulnerable Software and Affected Versions BTITeam XBTIT version 2.5.4

Description An issue was discovered where the hashed passwords stored in the xbtit users table are stored as unsalted MD5 hashes. This makes it easier for attackers to obtain cleartext values via a brute-force attack.

Recommendations For BTITeam XBTIT version 2.5.4, consider updating the password storage mechanism to use a salted hashing algorithm to mitigate the risk of brute-force attacks. As a temporary workaround, restrict access to the xbtit users table to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.