CVE-2024-23091

EUVD-2024-20616
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
digitaldruidhoteldruid
𝑥
< 1.3.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
hoteldruid
bookworm
unimportant
bullseye
unimportant
sid
unimportant
Common Weakness Enumeration
References
https://medium.com/%40cnetsec/security-advisory-cve-2024-23091-weak-password-hashing-using-md5-f18a6fe3a473
https://www.hoteldruid.com/en/download.html
https://medium.com/%40cnetsec/security-advisory-cve-2024-23091-weak-password-hashing-using-md5-f18a6fe3a473
https://www.hoteldruid.com/en/download.html