CVE-2024-38881

Name of the Vulnerable Software and Affected Versions Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405

Description The issue allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords. This makes it easier for attackers to crack the hashes and steal passwords.

Recommendations For versions 16.0.1.1663 through 24.0.1.2405, patch to the latest version as soon as possible and force password resets to minimize the risk of exploitation. As a temporary workaround, consider implementing additional password security measures, such as multi-factor authentication, until the issue is resolved.