How severe is CVE-2023-26855?

CVE-2023-26855 has a CVSS v3 score of 7.5 (HIGH).

CVE-2023-26855

Name: churchcrm
Author: churchcrm

7.5HIGH

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.

Опубликовано: 4/4/2023Обновлено: 2/13/2025

Описание

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.

ИИ-АнализНа базе ИИ

Затронутые продукты

churchcrmchurchcrm

4.5.3

Ссылки

https://github.com/ChurchCRM/CRM/issues/6449
ExploitIssue TrackingThird Party Advisory
https://github.com/ChurchCRM/CRM/issues/6449
ExploitIssue TrackingThird Party Advisory