CVE-2011-4432

Name of the Vulnerable Software and Affected Versions Merethis Centreon versions prior to 2.3.2

Description The issue concerns the calculation of a password hash in the www/include/configuration/nconfigObject/contact/DB-Func.php file. Specifically, it does not utilize a salt, making it easier for attackers to determine cleartext passwords via a rainbow-table approach.

Recommendations For versions prior to 2.3.2, update to version 2.3.2 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to protect against rainbow-table attacks, such as using a web application firewall or restricting access to sensitive areas of the application.