PT-2024-36826 · Unknown · Free-One-Api

Kexinoh · Published 2024-12-30 · Updated 2024-12-30 · CVE-2024-56516

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: free-one-api, versions up to and including 1.0.1

Description: The issue concerns the use of MD5, a cryptographically broken hashing algorithm, to hash passwords before sending them to the backend. This leaves the hashed passwords vulnerable to collision attacks, and they can be easily cracked using modern hardware, exposing user credentials to potential compromise. free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format.

Recommendations: For versions up to and including 1.0.1, consider disabling password hashing using MD5 until a secure replacement is implemented. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
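The following added example (not free-one-api's code, and not from the advisory) illustrates both the weakness described above and one secure replacement of the kind the recommendation calls for. The page does not show how free-one-api stores or transmits the MD5 value, so `legacy_md5_digest` is an assumed model of "unsalted MD5 before sending"; the hardened path uses PBKDF2-HMAC-SHA256 from Python's standard library as an assumed replacement (the advisory names none), with a per-user random salt, constant-time comparison, and an opportunistic upgrade of legacy records at the next successful login. The record format `pbkdf2_sha256$iterations$salt$hash` is likewise an assumption for this example.

```python
import hashlib
import hmac
import os
import re
from typing import Optional, Tuple

# Assumed legacy behaviour, modelled on the advisory text rather than on
# free-one-api's code: the password is reduced to an unsalted MD5 hex digest.
# Unsalted and fast, so identical passwords map to identical digests and the
# digest can be looked up or brute-forced cheaply on modern hardware.
def legacy_md5_digest(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Detection helper: a stored credential that is still a bare 32-hex-char MD5.
MD5_HEX = re.compile(r"^[0-9a-f]{32}$")

def looks_like_legacy_md5(stored: str) -> bool:
    return MD5_HEX.match(stored) is not None

# Hardened replacement (assumed scheme): salted, iterated PBKDF2-HMAC-SHA256
# computed server-side. The iteration count is stored with the record so it
# can be raised later without breaking verification of older records.
PBKDF2_ITERATIONS = 600_000

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Constant-time verification against a pbkdf2_sha256$... record."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or iterations <= 0:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk.hex(), dk_hex)

def upgrade_on_login(password: str, stored: str) -> Tuple[bool, str]:
    """Migration path: accept a legacy MD5 record once, then return a
    PBKDF2 record to overwrite it with. Returns (ok, record_to_store)."""
    if looks_like_legacy_md5(stored):
        ok = hmac.compare_digest(legacy_md5_digest(password), stored)
        return ok, (hash_password(password) if ok else stored)
    return verify_password(password, stored), stored

if __name__ == "__main__":
    # Constructed sample: two users who happen to share a password.
    users = {"alice": legacy_md5_digest("correct horse"),
             "bob": legacy_md5_digest("correct horse")}
    print("legacy digests identical:", users["alice"] == users["bob"])
    ok, users["alice"] = upgrade_on_login("correct horse", users["alice"])
    print("alice upgraded:", ok, not looks_like_legacy_md5(users["alice"]))
    print("wrong password rejected:", not verify_password("wrong", users["alice"]))
```

The determinism of the legacy digest (two users with the same password get the same 32-character value) is what makes precomputed lookups effective; the salted record differs on every call, and `looks_like_legacy_md5` gives operators a simple way to count how many stored credentials still need migration.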

Related Identifiers

CVE-2024-56516
GHSA-36CC-58VM-WM4H

Affected Products

Free-One-Api