Neuvector · Neuvector · CVE-2025-53884
Name of the Vulnerable Software and Affected Versions:
NeuVector versions 5.0.0 through 5.4.5
Description:
NeuVector stores user passwords and API keys using a simple, unsalted hash, making it vulnerable to rainbow table attacks. The software generates a cryptographically secure, random 16-character salt and uses it with the PBKDF2 algorithm when creating a user, updating a user’s password, or creating an API key. After upgrading to NeuVector 5.4.6, users must log in again to regenerate the password hash, and at least one request per API key must be sent to regenerate its hash value.
Recommendations:
Upgrade to NeuVector version 5.4.6 or later.