HotelDruid up to 1.31 funzioni.php weak password hash
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.0 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been discovered in HotelDruid up to 1.31. It affects an unknown function of the file funzioni.php and results in a weak password hash. The vulnerability is reported as CVE-2024-23091. No exploit exists. Upgrading the affected component is advised.
Details
A vulnerability classified as problematic was found in HotelDruid up to 1.31. It affects an unknown functionality of the file funzioni.php. Manipulation with an unknown input leads to a weak password hash vulnerability. CWE classifies the issue as CWE-916: the product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort to make password cracking attacks infeasible or expensive. This impacts confidentiality. The CVE summary reads:
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
The advisory is available at hoteldruid.com. This vulnerability has been handled as CVE-2024-23091 since 01/11/2024. Exploitation is said to be difficult. Technical details are known, but no exploit is available. The MITRE ATT&CK project assigns this vulnerability to technique T1552.
Searching for inurl:funzioni.php makes it possible to find vulnerable targets with Google Hacking.
Upgrading to version 1.32 eliminates this vulnerability.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Name
Version
- 1.0
- 1.1
- 1.2
- 1.3
- 1.4
- 1.5
- 1.6
- 1.7
- 1.8
- 1.9
- 1.10
- 1.11
- 1.12
- 1.13
- 1.14
- 1.15
- 1.16
- 1.17
- 1.18
- 1.19
- 1.20
- 1.21
- 1.22
- 1.23
- 1.24
- 1.25
- 1.26
- 1.27
- 1.28
- 1.29
- 1.30
- 1.31
CVSSv3
VulDB Meta Base Score: 5.0
VulDB Meta Temp Score: 5.0
VulDB Base Score: 2.6
VulDB Temp Score: 2.5
NVD Base Score: 7.5
Exploiting
Class: Weak password hash
CWE: CWE-916 / CWE-326 / CWE-310
Physical: No
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: HotelDruid 1.32
Timeline
01/11/2024
07/30/2024
07/30/2024
08/24/2024
Sources
Advisory: hoteldruid.com
Status: Confirmed
CVE: CVE-2024-23091
GCVE (CVE): GCVE-0-2024-23091
GCVE (VulDB): GCVE-100-273162
Entry
Created: 07/30/2024 17:16
Updated: 08/24/2024 03:42
Changes: 07/30/2024 17:16 (55), 07/31/2024 16:28 (1), 08/24/2024 03:42 (12)