CVE-2025-34208

Name of the Vulnerable Software and Affected Versions Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) (affected versions not specified)

Description The software stores user passwords using unsalted SHA-512 hashes, with a fallback to unsalted SHA-1. The hashing is performed using PHP's hash() function in multiple files including server write requests users.php, update database.php, legacy/Login.php, and tests/Unit/Api/IdpControllerTest.php. The lack of per-user salt makes the hashing unsuitable for password storage, allowing an attacker with access to the password database to recover cleartext passwords through offline dictionary or rainbow table attacks. The code includes logic that migrates legacy SHA-1 hashes to SHA-512 during login, potentially exposing users still utilizing the older hash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.