CVE-2024-24553 MEDIUM

CVE-2024-24553: Bludit uses SHA1 as Password Hashing Algorithm

Vendor Bludit
Product Bludit
Weakness CWE-916
Published June 24, 2024
Last update August 1, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Because SHA-1 is fast to compute, attackers could determine cleartext passwords with brute-force attacks. In addition, the salt that Bludit computes is generated with a function that is not cryptographically secure.
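One way to remediate the weakness described above is to re-hash each password with a slow, adaptive algorithm at the user's next successful login. The PHP sketch below is an added example, not Bludit's code: the record layout, the function names and the `sha1(password . salt)` construction are assumptions, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Legacy check. ASSUMPTION: the stored value is hex sha1(password . salt);
// the advisory does not give Bludit's exact construction.
function legacy_sha1_verify(string $password, string $salt, string $storedHex): bool
{
    return hash_equals($storedHex, sha1($password . $salt));
}

// Hardened hash: password_hash() uses a slow, adaptive algorithm and draws a
// per-password salt from the OS CSPRNG, so no application-generated salt is needed.
function new_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verify a login against a user record (hypothetical shape) and upgrade the
// stored hash. Returns [bool $ok, array $record]; the caller persists $record.
function verify_and_upgrade(string $password, array $record): array
{
    if (($record['scheme'] ?? 'sha1') === 'sha1') {
        if (!legacy_sha1_verify($password, $record['salt'], $record['hash'])) {
            return [false, $record];
        }
        // The cleartext is only available at login, so migrate here and
        // drop the old SHA-1 hash and salt from the record.
        return [true, ['scheme' => 'php', 'hash' => new_hash($password)]];
    }
    if (!password_verify($password, $record['hash'])) {
        return [false, $record];
    }
    // Pick up future cost or algorithm changes in PASSWORD_DEFAULT.
    if (password_needs_rehash($record['hash'], PASSWORD_DEFAULT)) {
        $record['hash'] = new_hash($password);
    }
    return [true, $record];
}

// Constructed sample record in the assumed legacy format.
$salt   = 'a1b2c3d4';
$legacy = ['scheme' => 'sha1', 'salt' => $salt, 'hash' => sha1('correct horse' . $salt)];

[$ok, $upgraded] = verify_and_upgrade('correct horse', $legacy);
var_dump($ok, $upgraded['scheme'], password_get_info($upgraded['hash'])['algoName']);
var_dump(verify_and_upgrade('wrong guess', $legacy)[0]);      // rejected, record unchanged
var_dump(verify_and_upgrade('correct horse', $upgraded)[0]);  // accepted via password_verify()
```

Accounts that never log in again keep their SHA-1 hash, so a migration of this kind is normally paired with a forced reset or expiry for records still marked `sha1`.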

Key dates

02 Disclosure timeline

June 24, 2024 CVE published
August 1, 2024 Record updated