CVE-2022-1235

Name of the Vulnerable Software and Affected Versions livehelperchat/livehelperchat versions prior to 3.96

Description The issue concerns a weak secrethash that can be brute-forced, affecting the security measures of the application. The secrethash is relatively small, consisting of only 10 hexadecimal characters, resulting in 16^10 possibilities (1,099,511,627,776). An attacker can obtain the SHA1 of the secret via a captcha string and then brute-force it offline using a GPU.

Recommendations For versions prior to 3.96, update to version 3.96 or later to resolve the issue. As a temporary workaround, consider restricting access to the captcha string to minimize the risk of exploitation.