CVE-2023-26855
7.5HIGHThe hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.
Published: 4/4/2023Updated: 2/13/2025
Description
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.
AI AnalysisPowered by AI
Affected Products
churchcrmchurchcrm
4.5.3
References
- https://github.com/ChurchCRM/CRM/issues/6449ExploitIssue TrackingThird Party Advisory
- https://github.com/ChurchCRM/CRM/issues/6449ExploitIssue TrackingThird Party Advisory