CVE-2023-26855

Name of the Vulnerable Software and Affected Versions ChurchCRM version 4.5.3

Description The hashing algorithm utilizes a non-random salt value, allowing attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.

Recommendations For ChurchCRM version 4.5.3, consider updating the hashing algorithm to use a random salt value to prevent dictionary attacks. As a temporary workaround, restrict access to password-protected areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.