PT-2022-23852 · Inoda · Inoda Ontrack
J-Gainsec · Published 2022-09-08 · Updated 2023-08-08 · CVE-2022-37164
CVSS v3.1 9.8 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Inoda OnTrack version 3.4
Description
The vulnerability is a weak password policy that exposes accounts to unauthorized access via brute-force attacks. In addition, user passwords are hashed without a salt or pepper, so tools such as hashcat can crack the stored hashes with little effort.
Recommendations
For Inoda OnTrack version 3.4, consider implementing a stronger password policy and hashing passwords with a salt or pepper to prevent easy cracking by tools like hashcat. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.
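As an added illustration (example code, not Inoda OnTrack's own), the unsalted pattern the description names beside the salted, peppered storage the recommendation calls for, plus a minimal policy check. The pepper value, iteration count and 12-character minimum are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed example, not Inoda OnTrack code. The pepper is a hypothetical
# server-side secret kept outside the database (e.g. in a secrets manager).
PEPPER = b"example-pepper-kept-outside-the-database"
ITERATIONS = 600_000
MIN_LENGTH = 12

def weak_hash(password: str) -> str:
    """The pattern the advisory describes: an unsalted digest of the password.
    Equal passwords give equal hashes, so precomputed tables apply directly and
    one cracked hash exposes every account sharing that password."""
    return hashlib.sha256(password.encode()).hexdigest()

def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Fold the pepper in with HMAC, then run a deliberately slow KDF over a
    # per-user random salt. A dumped table without the pepper cannot be attacked
    # offline; with the pepper, every guess still costs `iterations` rounds.
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = _derive(password, salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = _derive(password, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)

def password_meets_policy(password: str) -> bool:
    """Minimal policy in the spirit of the recommendation: a length floor plus at
    least three character classes. Screening against breached-password lists is
    the natural next step."""
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return len(password) >= MIN_LENGTH and sum(classes) >= 3
```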
Fix
Improper Authentication
Affected Products
Inoda Ontrack