PT-2025-11695 · Beta80 · Beta80 Life 1St
Published: 2025-03-19 · Updated: 2025-03-19 · CVE-2025-26486
CVSS v3.1: 6.0 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Beta80 Life 1st version 1.5.2.14234
Description
The issue is the use of a broken or risky cryptographic algorithm: password hashing with insufficient computational effort, a weak hash, and a one-way hash with a predictable salt. This allows an attacker to brute-force user passwords or find a collision, and so gain access to a target application that uses the BETA80 “Life 1st Identity Manager” as its authentication service.
Recommendations
For version 1.5.2.14234, consider replacing the cryptographic algorithm with a more secure one and increasing the computational effort of password hashing to prevent brute-force attacks. As a temporary workaround, restrict access to the Life 1st Identity Manager service to minimize the risk of exploitation.
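The following is an added example, not Beta80's code and not part of the advisory, of what the recommendation looks like in practice: a slow, randomly salted password hash and a verifier that upgrades weak records at login. The advisory does not name the algorithm in use, so `legacy_hash` is a constructed stand-in for the three weakness classes in the description; the record format, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def legacy_hash(username: str, password: str) -> str:
    # Constructed weak scheme: one fast SHA-1 pass, salt predictable from the username.
    return "legacy$" + hashlib.sha1((username + password).encode()).hexdigest()

def strong_hash(password: str, iterations: int = ITERATIONS) -> str:
    # Slow KDF with a fresh 16-byte random salt stored alongside the digest.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(username: str, password: str, stored: str) -> Tuple[bool, Optional[str]]:
    """Return (ok, replacement); replacement is a new record to store when the
    old one used the legacy scheme or an outdated iteration count."""
    scheme, _, rest = stored.partition("$")
    try:
        if scheme == "pbkdf2-sha256":
            iters, salt_hex, dk_hex = rest.split("$")
            dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iters))
            ok = hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time compare
            stale = int(iters) < ITERATIONS
        elif scheme == "legacy":
            ok = hmac.compare_digest(legacy_hash(username, password), stored)
            stale = True
        else:
            return False, None
    except ValueError:  # malformed record: fail closed
        return False, None
    return ok, (strong_hash(password) if ok and stale else None)
```

On a successful login the caller stores the returned replacement record, so weak hashes are retired as users sign in.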
Fix
Use of a Broken Cryptographic Algorithm
Affected Products
Beta80 Life 1St