Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2024-25607)

Description

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.

Remediation

References

Related Vulnerabilities

Squid Other Vulnerability (CVE-2015-0881)

PHP Improper Input Validation Vulnerability (CVE-2015-8873)

WordPress 6.1.x Multiple Vulnerabilities (6.1 - 6.1.6)

WordPress Plugin Contact Form by Supsystic Multiple Vulnerabilities (1.7.5)

WordPress Plugin Advanced Custom Fields PRO Cross-Site Scripting (5.9.0)

Severity

High

Classification

CVE-2024-25607 CWE-916 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities