CVE-2024-29886

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-916
View all →

Vulnerability Description

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6.

Related Vulnerabilities

CVE-2018-15717

MEDIUM
CVSS:5.3(Medium)

Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.

CWE-9162018

CVE-2019-12737

MEDIUM
CVSS:5.3(Medium)

UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.

CWE-9162019

CVE-2021-37551

MEDIUM
CVSS:5.3(Medium)

In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.

CWE-9162021

CVE-2022-23348

MEDIUM
CVSS:5.3(Medium)

BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.

CWE-9162022

CVE-2023-41646

MEDIUM
CVSS:5.3(Medium)

Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/

CWE-9162023