Description

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.

Remediation

References

CVE-2024-25607

Related Vulnerabilities

WordPress Plugin Powerplay Gallery Multiple Vulnerabilities (3.3)

Oracle Database Server CVE-2014-2478 Vulnerability (CVE-2014-2478)

WordPress Plugin Dynamic Content for Elementor Remote Code Execution (1.9.5.6)

WordPress Plugin Academy LMS-eLearning and online course solution for WordPress Information Disclosure (1.9.25)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3195)

Severity

High

Classification

CVE-2024-25607 CWE-916 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities