CVE-2024-1040 MEDIUM

CVE-2024-1040: Use of a Broken or Risky Cryptographic Algorithm in Gessler GmbH WEB-MASTER

Vendor Gessler Gmbh
Product WEB-MASTER
Weakness CWE-327 · Broken crypto
Published February 1, 2024
Last update August 7, 2025

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.

Key dates

02Disclosure timeline

February 1, 2024 CVE published
August 7, 2025 Record updated