PT-2022-23851 · Unknown · Bminusl Ihatetobudget
J-Gainsec
·
Published
2022-09-08
·
Updated
2023-08-08
·
CVE-2022-37163
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Bminusl IHateToBudget version 1.5.7
Description
The application enforces a weak password policy, so accounts can be taken over through online brute-force or password-guessing attacks. In addition, user passwords are stored as plain unsalted, unpeppered hashes: two users with the same password produce the same hash, and an attacker who obtains the password table can crack it offline with tools such as hashcat, hashing each candidate once and matching it against every user at no extra cost.
Recommendations
For Bminusl IHateToBudget version 1.5.7, enforce a stronger password policy (minimum length, a common-password blocklist, and lockout or rate limiting on failed logins) and store passwords with a per-user random salt under a slow password-hashing function (bcrypt, scrypt, Argon2 or PBKDF2), optionally combined with a server-side pepper kept outside the database. As a temporary workaround, restrict network access to the application (for example, to trusted hosts or behind an authenticating proxy) to reduce exposure to brute-force attempts.
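The following added example (illustration code, not IHateToBudget's own code) contrasts the weak pattern described above with the recommended one: an unsalted fast hash that a dictionary attack cracks with one hash per candidate, versus a per-user salted PBKDF2 hash that forces one KDF run per user and candidate, plus a minimal password-policy check and a failed-login lockout. The wordlist, user names, iteration counts and lockout threshold are constructed for the example and are not values from the advisory.

```python
"""Unsalted fast hashing vs salted slow KDF, with a password policy and a
login lockout. Added illustration; not code from the IHateToBudget project."""
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample data: a tiny cracking wordlist doubling as a blocklist.
WORDLIST = ["123456", "password", "letmein", "qwerty", "budget2022"]
COMMON_PASSWORDS = set(WORDLIST)


# --- Weak pattern the advisory describes: one fast hash, no salt or pepper ---
def weak_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted(stored: dict, wordlist: list) -> tuple:
    """Offline attack on an unsalted table: hash each candidate once and look
    it up against every user at the same time. Returns (cracked, hash_count)."""
    lookup = {weak_hash(w): w for w in wordlist}
    cracked = {u: lookup[h] for u, h in stored.items() if h in lookup}
    return cracked, len(wordlist)


# --- Hardened pattern: per-user random salt plus a deliberately slow KDF ---
def strong_hash(password: str, iters: int = 600_000,
                salt: Optional[bytes] = None) -> str:
    """PBKDF2-HMAC-SHA256 with a 16-byte random salt. The iteration count is an
    assumption; tune it so one hash costs roughly 100 ms on the real server."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return f"pbkdf2_sha256${iters}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time


def crack_salted(stored: dict, wordlist: list) -> tuple:
    """Same dictionary attack against salted hashes: every (user, candidate)
    pair needs its own KDF run, so cost scales with users x words x iters."""
    cracked, count = {}, 0
    for user, h in stored.items():
        for w in wordlist:
            count += 1
            if verify_password(w, h):
                cracked[user] = w
                break
    return cracked, count


# --- Password policy and online brute-force throttling ---
def password_ok(pw: str, min_len: int = 12) -> tuple:
    if len(pw) < min_len:
        return False, f"shorter than {min_len} characters"
    if pw.lower() in COMMON_PASSWORDS:
        return False, "on the common-password blocklist"
    return True, "ok"


class LoginGuard:
    """Locks an account after max_failures bad guesses (in-memory demo)."""

    def __init__(self, users: dict, max_failures: int = 5):
        self.users, self.max_failures, self.failures = users, max_failures, {}

    def attempt(self, user: str, password: str) -> str:
        if self.failures.get(user, 0) >= self.max_failures:
            return "locked"
        stored = self.users.get(user)
        if stored is not None and verify_password(password, stored):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


if __name__ == "__main__":
    weak_db = {"alice": weak_hash("letmein"), "bob": weak_hash("letmein"),
               "carol": weak_hash("Tr0ub4dor&3xyz")}
    print("same hash for alice and bob:", weak_db["alice"] == weak_db["bob"])
    print("unsalted:", crack_unsalted(weak_db, WORDLIST))
    strong_db = {"alice": strong_hash("letmein", iters=1000),
                 "bob": strong_hash("letmein", iters=1000),
                 "carol": strong_hash("Tr0ub4dor&3xyz", iters=1000)}
    print("salted:", crack_salted(strong_db, WORDLIST))
    print(password_ok("letmein"), password_ok("budget2022xyz"))
```

Per-account lockout alone lets an attacker lock legitimate users out by guessing wrong on purpose, so in production it is usually paired with per-source rate limiting rather than used on its own; the lockout here is deliberately the simplest form to keep the example readable.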
Fix
Improper Authentication
Related Identifiers
Affected Products
Bminusl Ihatetobudget