PT-2023-21983 · Pimcore · Pimcore/Customer-Data-Framework

Published: 2023-05-25 · Updated: 2023-05-31 · CVE-2023-2881

CVSS v3.1: 6.7 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions: pimcore/customer-data-framework versions prior to 3.3.10

Description: The vulnerability is the storage of passwords in a recoverable format. An attacker who can enumerate the password records of specific IDs can obtain the stored password hashes and attempt to crack them offline with tools such as hashcat.

Recommendations: For versions prior to 3.3.10, update to version 3.3.10, which resolves the issue. As a temporary workaround, apply the fix manually from the patch at https://github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6.patch.

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2023-2881
GHSA-J65R-G7Q2-F8V3

Affected Products

Pimcore/Customer-Data-Framework