CVE-2023-40173 HIGH

CVE-2023-40173: Unsalted passwords in fobybus/social-media-skeleton

Vendor: Fobybus
Product: social-media-skeleton
Weakness: CWE-522 · Insufficiently protected credentials
Published: August 18, 2023
Last update: October 2, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

Social media skeleton is an uncompleted social media project/framework implemented using PHP, CSS, JavaScript and HTML. Prior to version 1.0.5, Social media skeleton did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to the hashed passwords. This issue has been addressed in version 1.0.5, and users are advised to upgrade. There are no known workarounds for this issue.

Key dates

02 Disclosure timeline

August 18, 2023: CVE published
October 2, 2024: Record updated

Related vulnerabilities

04 Related CVE