mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
72 lines
2.6 KiB
JSON
72 lines
2.6 KiB
JSON
{
|
|
"id": "CVE-2025-26486",
|
|
"sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
|
|
"published": "2025-03-19T16:15:31.457",
|
|
"lastModified": "2025-03-19T16:15:31.457",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Use of a Broken or Risky Cryptographic Algorithm, Use of Password Hash \nWith Insufficient Computational Effort, Use of Weak Hash, Use of a \nOne-Way Hash with a Predictable Salt vulnerability in Beta80 Life 1st \nallows an \nAttacker to Bruteforce User\nPasswords or find a collision to gain access to a target application using BETA80\n\u201cLife 1st Identity Manager\u201d as a service for authentication.This issue affects Life 1st: 1.5.2.14234."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El uso de un algoritmo criptogr\u00e1fico roto o riesgoso, el uso de un hash de contrase\u00f1a con un esfuerzo computacional insuficiente, el uso de un hash d\u00e9bil, el uso de un hash unidireccional con una vulnerabilidad de sal predecible en Beta80 Life 1st permite a un atacante usar la fuerza bruta de las contrase\u00f1as de los usuarios o encontrar una colisi\u00f3n para obtener acceso a una aplicaci\u00f3n de destino que utiliza BETA80 \"Life 1st Identity Manager\" como un servicio para la autenticaci\u00f3n. Este problema afecta a Life 1st: 1.5.2.14234."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
|
|
"baseScore": 6.0,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 1.5,
|
|
"impactScore": 4.0
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-327"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-328"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-760"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-916"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-26486",
|
|
"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"
|
|
}
|
|
]
|
|
} |