PT-2023-27305 · Unknown · Social Media Skeleton

Zodiac0704

Publicado

2023-08-18

Atualizado

2023-08-23

CVE-2023-40173

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Social media skeleton versions prior to 1.0.5

Description The issue concerns a social media project implemented using php, css, javascript, and html. Prior to version 1.0.5, the project did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5.

Recommendations For versions prior to 1.0.5, upgrade to version 1.0.5 to address the issue. As a temporary workaround, consider implementing additional security measures to protect user passwords until the upgrade can be applied.

Exploit

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2023-40173

GHSA-RFMV-7M7G-V628

Produtos afetados

Social Media Skeleton

PT-2023-27305 · Unknown · Social Media Skeleton

CVE-2023-40173

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10