PT-2020-16261 · Monocms · Monocms Blog
Published 2020-10-06 · Updated 2020-10-07 · CVE-2020-25987
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MonoCMS Blog version 1.0
Description
MonoCMS Blog stores hard-coded administrator password hashes in the log.xml file shipped with its source files. The hashes are bcrypt, and hashcat mode 3200 can be used to crack them.
Recommendations
For MonoCMS Blog version 1.0, remove the hard-coded admin hashes from the log.xml file, or store them securely, so they cannot be used to gain unauthorized access. As a temporary workaround, restrict access to the log.xml file to reduce the risk of exploitation.
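The advisory's core finding is a credential hash sitting in a data file inside the application's source tree. A defender auditing an installed copy, or a release pipeline checking a build before it ships, can catch this class of mistake mechanically. The script below is an added example and is not part of the advisory or of MonoCMS; it walks a directory, flags bcrypt-format strings in XML and other configuration-style files, and reports only the hash prefix and location. The directory layout, the file name monocms/log.xml and the bcrypt-looking string inside it are constructed for the demonstration and are not real MonoCMS data.

```python
"""Added example: audit a source tree for password hashes left in data/config files.
Not part of the PT-2020-16261 advisory or of MonoCMS; paths and hash values are constructed."""
import os
import re
import tempfile
from typing import Dict, List, Tuple

# bcrypt modular-crypt-format: $2a$/$2b$/$2x$/$2y$, two-digit cost, then
# 22 salt characters + 31 hash characters (53 total) from the bcrypt base64 alphabet.
BCRYPT_RE = re.compile(r"\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}")

# File types worth scanning: data/config files that commonly end up web-reachable.
SCAN_SUFFIXES = (".xml", ".json", ".ini", ".conf", ".txt", ".php")

# Constructed sample resembling the log.xml the advisory describes.
# The pass= value is a fake bcrypt-shaped string, not a real hash.
SAMPLE_LOG_XML = (
    "<?xml version='1.0'?>\n"
    "<log>\n"
    "  <user name='admin' pass='$2y$10$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0'/>\n"
    "  <entry>page viewed</entry>\n"
    "</log>\n"
)


def scan_file(path: str) -> List[Tuple[int, str]]:
    """Return (line_number, hash_prefix) for every bcrypt-shaped string in one file.
    Only the 7-character prefix is reported so the audit output never re-leaks the hash."""
    hits: List[Tuple[int, str]] = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            for match in BCRYPT_RE.finditer(line):
                hits.append((lineno, match.group(0)[:7]))
    return hits


def scan_tree(root: str) -> Dict[str, List[Tuple[int, str]]]:
    """Walk root and map each offending file (relative path, '/'-separated) to its findings."""
    findings: Dict[str, List[Tuple[int, str]]] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_SUFFIXES):
                continue
            full = os.path.join(dirpath, name)
            hits = scan_file(full)
            if hits:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = hits
    return findings


def world_readable(path: str) -> bool:
    """Second signal worth flagging on POSIX hosts: 'other' has read permission."""
    return bool(os.stat(path).st_mode & 0o004)


def build_sample_tree() -> str:
    """Create a throwaway directory with the constructed log.xml plus one clean file."""
    root = tempfile.mkdtemp(prefix="monocms_audit_")
    os.makedirs(os.path.join(root, "monocms"))
    with open(os.path.join(root, "monocms", "log.xml"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_LOG_XML)
    with open(os.path.join(root, "monocms", "index.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php echo 'hello'; ?>\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel_path, hits in scan_tree(sample_root).items():
        for line_no, prefix in hits:
            print(f"{rel_path}:{line_no}: bcrypt hash ({prefix}...) stored in a source/data file")
```

Run it against the web root of a deployed MonoCMS copy (replacing the constructed sample tree with the real path) to confirm whether log.xml still carries hashes after applying the fix; pair the file-content check with a web-server rule that denies HTTP access to log.xml, which is the workaround the advisory recommends.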
Weakness Enumeration
Insertion into Log File
Affected Products
Monocms Blog