PT-2021-9149 · Epikur · Epikur

Published 2021-02-05 · Updated 2021-07-21 · CVE-2020-10538

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Epikur versions prior to 20.1.1

Description

The issue concerns the storage of user passwords as MD5 hashes in the database, which can be brute-forced efficiently. The lack of salt in the hashing process makes it vulnerable to rainbow table attacks, further speeding up the potential breach.

Recommendations

For versions prior to 20.1.1, update to version 20.1.1 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures such as multi-factor authentication to minimize the risk of exploitation. Restrict access to sensitive data and consider using a more secure password hashing algorithm that incorporates salting.
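
The following added example (not Epikur's code and not part of the original advisory) contrasts the unsalted MD5 storage described above with a salted, iterated hash, and shows a legacy record being rehashed at the next successful login. The record format, the `pbkdf2_sha256` tag, the iteration count and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example
PREFIX = "pbkdf2_sha256"     # hypothetical record tag, not Epikur's format


def legacy_md5(password):
    """Weak 'before' form: unsalted MD5, identical for identical passwords."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 record: tag$iterations$salt$derived_key."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             PBKDF2_ITERATIONS)
    return f"{PREFIX}${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_and_upgrade(password, stored):
    """Return (ok, record_to_store); legacy MD5 records are rehashed on success."""
    if stored.startswith(PREFIX + "$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex), stored
    # Legacy record: check the MD5 once, then replace it with a salted record.
    ok = hmac.compare_digest(legacy_md5(password), stored)
    return ok, (hash_password(password) if ok else stored)


if __name__ == "__main__":
    pw = "Sommer2020!"  # constructed sample password
    print(legacy_md5(pw) == legacy_md5(pw))        # unsalted: same hash each time
    print(hash_password(pw) == hash_password(pw))  # salted: records differ
    ok, record = verify_and_upgrade(pw, legacy_md5(pw))
    print(ok, record.split("$")[0])
```

Because every record carries its own random salt, a precomputed table built for one record is useless against any other, and the iteration count raises the cost of each brute-force guess.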

Weakness Enumeration

Related Identifiers

CVE-2020-10538

Affected Products

Epikur