Gulivindala

**Name of the Vulnerable Software and Affected Versions** ChurchCRM version 4.5.3 **Description** The hashing algorithm utilizes a non-random salt value, allowing attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. **Recommendations** For ChurchCRM version 4.5.3, consider updating the hashing algorithm to use a random salt value to prevent dictionary attacks. As a temporary workaround, restrict access to password-protected areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.