PT-2021-9097 · Versa · Vos+2

Published: 2021-05-26 · Updated: 2021-06-07 · CVE-2019-25030

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Versa Director, Versa Analytics, and VOS (affected versions not specified)

Description

The issue concerns the storage of passwords without using an adaptive cryptographic hash function or key derivation function, making them susceptible to password cracking. The use of popular hashing algorithms like MD5 and SHA-1 alone is insufficient to prevent attacks. Attackers can generate precomputed hashes, known as "rainbow tables," for all possible password character combinations relatively quickly. The use of adaptive hashing algorithms, such as scrypt, bcrypt, or Key-Derivation Functions like PBKDF2, would make generating such rainbow tables computationally infeasible.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
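
The contrast drawn in the description, as an added example that is not vendor code or code from the affected products: an unsalted fast hash gives the same digest for the same password on every account, while a salted PBKDF2 record does not and carries a cost that can be raised later. The record format, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware and policy.
ITERATIONS = 600_000
SALT_BYTES = 16


def weak_digest(password: str) -> str:
    """Unsalted fast hash, the storage pattern the description warns about."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Build a salted record: scheme$iterations$salt_hex$derived_key_hex."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost, compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        cost = int(iterations)
    except ValueError:
        return False  # malformed or legacy record
    if scheme != "pbkdf2_sha256" or cost < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cost)
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    """True when a record was stored with a lower cost than current policy."""
    return int(record.split("$")[1]) < target


if __name__ == "__main__":
    pw = "constructed-sample-password"  # constructed sample input
    # Same password on two accounts: identical unsalted digests, so a single
    # precomputed table entry matches both.
    print("unsalted digests equal:", weak_digest(pw) == weak_digest(pw))
    a, b = hash_password(pw), hash_password(pw)
    print("salted records differ:", a != b)
    print("verify ok / wrong:", verify_password(pw, a), verify_password("x", a))
```

A record for which `needs_rehash` returns true can be re-derived with the current cost at the user's next successful login, when the plaintext is available.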

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2019-25030

Affected Products

Vos
Versa Analytics
Versa Director