How severe is CVE-2024-56516?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-56516?

This is classified as CWE-328, which is a common weakness in software security.

CVE-2024-56516

MEDIUM Year: 2024

Weakness Type

CWE-328

View all →

Vulnerability Description

free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. It is vulnerable to collision attacks and can be easily cracked using modern hardware, exposing user credentials to potential compromise. As of time of publication, a replacement for MD5 has not been committed to the free-one-api GitHub repository.

CVE-2022-45141

CRITICAL

CVSS:9.8(Critical)

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory...

CWE-3282022

CVE-2025-27595

CRITICAL

CVSS:9.8(Critical)

The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.

CWE-3282025

CVE-2023-46133

CRITICAL

CVSS:9.1(Critical)

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,00...

CWE-3282023

CVE-2023-46233

CRITICAL

CVSS:9.1(Critical)

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than curren...

CWE-3282023

CVE-2024-48847

HIGH

CVSS:9.1(Critical)

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08...

CWE-3282024

CVE-2023-43630

HIGH

CVSS:8.8(High)

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not so...

CWE-3282023

CVE-2024-56516

Vulnerability Description

Related Vulnerabilities

CVE-2022-45141

CVE-2025-27595

CVE-2023-46133

CVE-2023-46233

CVE-2024-48847

CVE-2023-43630